Lucene search
HistoryJan 21, 2023 - 2:15 a.m.
CVE-2023-24042
lightftp
race condition
path traversal
ftp request
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
37.8%
A race condition in LightFTP through 2.2 allows an attacker to achieve path traversal via a malformed FTP request. A handler thread can use an overwritten context->FileName.
Affected configurations
Node
lightftp_projectlightftpRange≤2.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| lightftp_project | lightftp | * | cpe:2.3:a:lightftp_project:lightftp:*:*:*:*:*:*:*:* |
References
Related
osv
osv
CVE-2023-24042
2023-01-21 02:15:09
cve
cve
CVE-2023-24042
2023-01-21 02:15:09
prion
prion
Race condition
2023-01-21 02:15:00
cvelist
cvelist
CVE-2023-24042
2023-01-21 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
37.8%
Related for NVD:CVE-2023-24042