Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2017-15271

Published: 15/11/2017 Updated: 09/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Psftp

Vulnerability Summary

A use-after-free issue could be triggered remotely in the SFTP component of PSFTPd 10.0.4 Build 729. This issue could be triggered prior to authentication. The PSFTPd server did not automatically restart, which enabled malicious users to perform a very effective DoS attack against this service. By sending a crafted SSH identification / version string to the server, a NULL pointer dereference could be caused, apparently because of a race condition in the window message handling, performing the cleanup for invalid connections. This incorrect cleanup code has a use-after-free.

Vulnerable Product Search on Vulmon Subscribe to Product

psftp psftpd 10.0.4

Exploits

Exploit DB: PSFTPd Windows FTP Server 10.0.4 Build 729 - Log Injection / Use-After-Free
X41 D-Sec GmbH Security Advisory: X41-2017-006 Multiple Vulnerabilities in PSFTPd Windows FTP Server ===================================================== Overview -------- Confirmed Affected Versions: 1004 Build 729 Confirmed Patched Versions: None Vendor: Sergei Pleis Softwareentwicklung Vendor URL: wwwpsftpde/ftp-server/ Vector: Net ...
Exploit DB: PSFTPd Windows FTP Server 10.0.4 Build 729 Use-After-Free / Log Injection
PSFTPd Windows FTP Server version 1004 Build 729 suffers from use-after-free, log injection, and various other vulnerabilities ...

References

CWE-416https://www.x41-dsec.de/lab/advisories/x41-2017-006-psftpd/http://packetstormsecurity.com/files/144972/PSFTPd-Windows-FTP-Server-10.0.4-Build-729-Use-After-Free-Log-Injection.htmlhttps://www.exploit-db.com/exploits/43144/http://www.securityfocus.com/archive/1/541518/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/43144/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111CVE-2024-32884IDORCVE-2023-1000CVE-2024-33260CVE-2024-3682reflected XSSrace conditionCVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook