CVE-2011-0418

The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command.

Published: May 25, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-0418
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:N/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
pureftpd / pure-ftpd	0.97-final	0.97-final.x
pureftpd / pure-ftpd	1.0.19	1.0.19.x
pureftpd / pure-ftpd	1.0.10	1.0.10.x
pureftpd / pure-ftpd	0.97pre1	0.97pre1.x
pureftpd / pure-ftpd	0.98-final	0.98-final.x
pureftpd / pure-ftpd	0.95	0.95.x
pureftpd / pure-ftpd	0.97pre4	0.97pre4.x
pureftpd / pure-ftpd	0.98.2a	0.98.2a.x
pureftpd / pure-ftpd	1.0.6	1.0.6.x
pureftpd / pure-ftpd	0.97.3	0.97.3.x
pureftpd / pure-ftpd	0.97pre3	0.97pre3.x
pureftpd / pure-ftpd	0.96.1	0.96.1.x
pureftpd / pure-ftpd	1.0.15	1.0.15.x
pureftpd / pure-ftpd	1.0.9	1.0.9.x
pureftpd / pure-ftpd	0.97.7pre1	0.97.7pre1.x
pureftpd / pure-ftpd	0.97.5	0.97.5.x
pureftpd / pure-ftpd	1.0.26	1.0.26.x
pureftpd / pure-ftpd	0.95-pre3	0.95-pre3.x
pureftpd / pure-ftpd	1.0.24	1.0.24.x
pureftpd / pure-ftpd	0.98pre2	0.98pre2.x
pureftpd / pure-ftpd	0.99pre2	0.99pre2.x
pureftpd / pure-ftpd	0.97pre2	0.97pre2.x
pureftpd / pure-ftpd	1.0.3	1.0.3.x
pureftpd / pure-ftpd	1.0.1	1.0.1.x
pureftpd / pure-ftpd	1.0.0	1.0.0.x
pureftpd / pure-ftpd	0.97.7pre2	0.97.7pre2.x
pureftpd / pure-ftpd	1.0.27	1.0.27.x
pureftpd / pure-ftpd	1.0.17	1.0.17.x
pureftpd / pure-ftpd	1.0.4	1.0.4.x
pureftpd / pure-ftpd	0.97.7pre3	0.97.7pre3.x
pureftpd / pure-ftpd	1.0.30	1.0.30.x
pureftpd / pure-ftpd	1.0.18	1.0.18.x
pureftpd / pure-ftpd	0.95-pre1	0.95-pre1.x
pureftpd / pure-ftpd	0.99	0.99.x
pureftpd / pure-ftpd	1.0.16b	1.0.16b.x
pureftpd / pure-ftpd	0.99a	0.99a.x
pureftpd / pure-ftpd	0.96	0.96.x
pureftpd / pure-ftpd	0.95.2	0.95.2.x
pureftpd / pure-ftpd	1.0.25	1.0.25.x
pureftpd / pure-ftpd	0.98.1	0.98.1.x
pureftpd / pure-ftpd	1.0.28	1.0.28.x
pureftpd / pure-ftpd	0.99b	0.99b.x
pureftpd / pure-ftpd	0.99.1	0.99.1.x
pureftpd / pure-ftpd	1.0.16a	1.0.16a.x
pureftpd / pure-ftpd	0.94	0.94.x
pureftpd / pure-ftpd	1.0.16c	1.0.16c.x
pureftpd / pure-ftpd	0.97.4	0.97.4.x
pureftpd / pure-ftpd	0.99.2a	0.99.2a.x
pureftpd / pure-ftpd	1.0.13a	1.0.13a.x
pureftpd / pure-ftpd	0.95-pre4	0.95-pre4.x
pureftpd / pure-ftpd	0.97pre5	0.97pre5.x
pureftpd / pure-ftpd	0.99.4	0.99.4.x
pureftpd / pure-ftpd	1.0.11	1.0.11.x
pureftpd / pure-ftpd	0.98pre1	0.98pre1.x
pureftpd / pure-ftpd	0.97.6	0.97.6.x
pureftpd / pure-ftpd	0.95.1	0.95.1.x
pureftpd / pure-ftpd	0.91	0.91.x
pureftpd / pure-ftpd	0.95-pre2	0.95-pre2.x
pureftpd / pure-ftpd	0.98.3	0.98.3.x
pureftpd / pure-ftpd	1.0.14	1.0.14.x
pureftpd / pure-ftpd	1.0.7	1.0.7.x
pureftpd / pure-ftpd	0.98.4	0.98.4.x
pureftpd / pure-ftpd	0.99.1a	0.99.1a.x
pureftpd / pure-ftpd	0.98.6	0.98.6.x
pureftpd / pure-ftpd	1.0.21	1.0.21.x
pureftpd / pure-ftpd	1.0.22	1.0.22.x
pureftpd / pure-ftpd	0.99.1b	0.99.1b.x
pureftpd / pure-ftpd	0.97.2	0.97.2.x
pureftpd / pure-ftpd	1.0.20	1.0.20.x
pureftpd / pure-ftpd	0.98.2	0.98.2.x
pureftpd / pure-ftpd	0.99.9	0.99.9.x
pureftpd / pure-ftpd	1.0.2	1.0.2.x
pureftpd / pure-ftpd	0.99.3	0.99.3.x
pureftpd / pure-ftpd	-	1.0.31.x
pureftpd / pure-ftpd	0.90	0.90.x
pureftpd / pure-ftpd	0.96pre1	0.96pre1.x
pureftpd / pure-ftpd	0.99.2	0.99.2.x
pureftpd / pure-ftpd	1.0.5	1.0.5.x
pureftpd / pure-ftpd	0.99pre1	0.99pre1.x
pureftpd / pure-ftpd	0.98.5	0.98.5.x
pureftpd / pure-ftpd	0.93	0.93.x
pureftpd / pure-ftpd	1.0.8	1.0.8.x
pureftpd / pure-ftpd	0.97.7	0.97.7.x
pureftpd / pure-ftpd	1.0.29	1.0.29.x
pureftpd / pure-ftpd	0.92	0.92.x
pureftpd / pure-ftpd	1.0.17a	1.0.17a.x
pureftpd / pure-ftpd	0.98.7	0.98.7.x
pureftpd / pure-ftpd	1.0.12	1.0.12.x
pureftpd / pure-ftpd	0.97.1	0.97.1.x
netbsd / netbsd	5.1	5.1.x

Vulnerability Database

289,697

CVE-2011-0418