Candidate: CVE-2020-9365
PublicDate: 2020-02-24 16:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9365
 https://github.com/jedisct1/pure-ftpd/commit/36c6d268cb190282a2c17106acfd31863121b
 https://github.com/jedisct1/pure-ftpd/commit/36c6d268cb190282a2c17106acfd31863121b58e
Description:
 An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read
 has been detected in the pure_strcmp function in utils.c.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952471
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]


Patches_pure-ftpd:
upstream_pure-ftpd: released (1.0.49-3)
precise/esm_pure-ftpd: DNE
trusty_pure-ftpd: ignored (out of standard support)
trusty/esm_pure-ftpd: DNE
xenial_pure-ftpd: ignored (end of standard support, was needs-triage)
bionic_pure-ftpd: needs-triage
eoan_pure-ftpd: ignored (reached end-of-life)
focal_pure-ftpd: not-affected (1.0.49-4)
groovy_pure-ftpd: not-affected (1.0.49-4)
hirsute_pure-ftpd: not-affected (1.0.49-4)
impish_pure-ftpd: not-affected (1.0.49-4)
jammy_pure-ftpd: not-affected (1.0.49-4)
devel_pure-ftpd: not-affected (1.0.49-4)