Lucene search
MitreCVE-2023-24042HistoryJan 21, 2023 - 2:15 a.m.
CVE-2023-24042
2023-01-2102:15:09
CWE-362
mitre
web.nvd.nist.gov
28
security
vulnerability
cve-2023-24042
lightftp
race condition
path traversal
ftp
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.4
Confidence
High
EPSS
0.001
Percentile
37.8%
A race condition in LightFTP through 2.2 allows an attacker to achieve path traversal via a malformed FTP request. A handler thread can use an overwritten context->FileName.
Affected configurations
Node
lightftp_projectlightftpRange≤2.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| lightftp_project | lightftp | * | cpe:2.3:a:lightftp_project:lightftp:*:*:*:*:*:*:*:* |
References
Related
osv
osv
CVE-2023-24042
2023-01-21 02:15:09
cvelist
cvelist
CVE-2023-24042
2023-01-21 00:00:00
prion
prion
Race condition
2023-01-21 02:15:00
nvd
nvd
CVE-2023-24042
2023-01-21 02:15:09
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.4
Confidence
High
EPSS
0.001
Percentile
37.8%
Related for CVE-2023-24042