Vulnerability CVE-2022-46378


Published: 2023-05-10

Description:
An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs when no port argument is provided to the `PORT` command.

Type:

CWE-823

(Use of Out-of-range Pointer Offset)

 References:
https://github.com/weston-embedded/uC-FTPs/pull/2
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681

Copyright 2024, cxsecurity.com

 

Back to Top