Candidate: CVE-2019-20176
PublicDate: 2019-12-31 15:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20176
 https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706
Description:
 In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir
 function in ls.c.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947869
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_pure-ftpd:
upstream_pure-ftpd: released (1.0.49-2)
precise/esm_pure-ftpd: DNE
trusty_pure-ftpd: ignored (out of standard support)
trusty/esm_pure-ftpd: DNE
xenial_pure-ftpd: ignored (end of standard support, was needs-triage)
bionic_pure-ftpd: needs-triage
disco_pure-ftpd: ignored (reached end-of-life)
eoan_pure-ftpd: ignored (reached end-of-life)
focal_pure-ftpd: not-affected (1.0.49-2)
groovy_pure-ftpd: not-affected (1.0.49-2)
hirsute_pure-ftpd: not-affected (1.0.49-2)
impish_pure-ftpd: not-affected (1.0.49-2)
jammy_pure-ftpd: not-affected (1.0.49-2)
devel_pure-ftpd: not-affected (1.0.49-2)