CVE-2021-40524: Malicious File Upload
First published: Sun Sep 05 2021(Updated: )
In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. (Versions 1.0.23 through 1.0.49 are affected.)
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pureftpd Pure-ftpd | >=1.0.23<1.0.50 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the CVE ID for this vulnerability?
The CVE ID for this vulnerability is CVE-2021-40524.
What is the severity level of CVE-2021-40524?
The severity level of CVE-2021-40524 is high.
How does CVE-2021-40524 affect Pure-FTPd?
CVE-2021-40524 affects Pure-FTPd versions before 1.0.50.
What is the potential impact of CVE-2021-40524?
The potential impact of CVE-2021-40524 is denial of service or server hang.
Is there a fix available for CVE-2021-40524?
Yes, a fix is available for CVE-2021-40524. Upgrade to Pure-FTPd version 1.0.50 or later.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/tags
- agent/event
- agent/references
- agent/author
- agent/severity
- agent/description
- agent/remedy
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/pureftpd
- canonical/pureftpd pure-ftpd
- version/pureftpd pure-ftpd/1.0.23