The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X prior to 10.11, allows remote malicious users to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
netbsd tnftpd |