CVE-2020-1939: Null Pointer Dereference
First published: Tue May 12 2020(Updated: )
The Apache NuttX (Incubating) project provides an optional separate "apps" repository which contains various optional components and example programs. One of these, ftpd, had a NULL pointer dereference bug. The NuttX RTOS itself is not affected. Users of the optional apps repository are affected only if they have enabled ftpd. Versions 6.15 to 8.2 are affected.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache NuttX | >=6.15<=8.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-1939?
CVE-2020-1939 is classified as a medium severity vulnerability.
How does CVE-2020-1939 affect users of Apache NuttX?
CVE-2020-1939 affects users of the optional apps repository, specifically those using the ftpd component.
How do I fix CVE-2020-1939?
To fix CVE-2020-1939, users should update to a patched version of the ftpd app in the Apache NuttX apps repository.
Which versions of Apache NuttX are affected by CVE-2020-1939?
CVE-2020-1939 affects Apache NuttX versions between 6.15 and 8.2 inclusive.
Is the core NuttX RTOS affected by CVE-2020-1939?
No, the NuttX RTOS itself is not affected by CVE-2020-1939.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/remedy
- agent/author
- agent/severity
- agent/references
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- agent/source
- vendor/apache
- canonical/apache nuttx
- version/apache nuttx/6.15
- version/apache nuttx/8.2