CVE-2020-9274

Priority
Description
An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer
vulnerability has been detected in the diraliases linked list. When the
*lookup_alias(const char alias) or print_aliases(void) function is called,
they fail to correctly detect the end of the linked list and try to access
a non-existent list member. This is related to init_aliases in
diraliases.c.
Notes
Package
Upstream:released (1.0.49-4)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (1.0.36-3.2+deb8u1build0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 20.04 LTS (Focal Fossa):not-affected (1.0.49-4)
Ubuntu 20.10 (Groovy Gorilla):not-affected (1.0.49-4)
More Information

Updated: 2020-09-17 18:14:47 UTC (commit e4d30e91645fb64d6ea734f6d9642a683aaf7496)