5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.072 Low
EPSS
Percentile
94.0%
An iDEFENSE Security Advisory reports:
Remote exploitation of an input validation vulnerability
in version 2.6.2 of WU-FPTD could allow for a denial of
service of the system by resource exhaustion.
The vulnerability specifically exists in the
wu_fnmatch() function in wu_fnmatch.c. When a
pattern containing a ‘’ character is supplied as input,
the function calls itself recursively on a smaller
substring. By supplying a string which contains a large
number of '’ characters, the system will take a long time
to return the results, during which time it will be using
a large amount of CPU time.