Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-46377

An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs when no IP address argument is provided to the `PORT` command.

Published

2023-05-10T16:15:10.153

Last Modified

2024-11-21T07:30:29.293

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-823
Type: Primary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	weston-embedded	uc-ftps	1.98.00	Yes

References

https://github.com/weston-embedded/uC-FTPs/pull/2 Patch ([email protected])
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681 Exploit, Mitigation, Third Party Advisory ([email protected])
https://github.com/weston-embedded/uC-FTPs/pull/2 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681 Exploit, Mitigation, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)