CVE-2019-20176

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-20176
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-20176.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-20176
Downstream
Related
Published
2019-12-31T15:15:11Z
Modified
2025-10-15T10:48:27.764905Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c.

References

Affected packages

Git / github.com/jedisct1/pure-ftpd

Affected ranges

Type
GIT
Repo
https://github.com/jedisct1/pure-ftpd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
aea56f4bcb9948d456f3fae4d044fd3fa2e19706

Affected versions

1.*

1.0.33
1.0.34
1.0.35
1.0.36
1.0.37
1.0.38
1.0.39
1.0.40
1.0.41
1.0.42
1.0.43
1.0.44
1.0.45
1.0.46
1.0.47
1.0.48
1.0.49

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "target": {
            "file": "src/ls.c"
        },
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "56445503046048394930460835168778733056",
                "246405011480971568070211572262472919841",
                "200412280742133149971641851506952845514",
                "217944701692212553692763553707573105035",
                "141489857341975874314917875217168091459",
                "198737676652004034545438463689209181914",
                "229404802347628598257585161679978625760",
                "50171571296122931671985020404489725890",
                "236852844768462659869856831426197593274",
                "294136189931050001679159128676571279991",
                "56029665179969632367734316365735055607",
                "114784156564473469196101398068334715954",
                "81371649570701425827271975410232115167",
                "149792289911419395287061867004506234853",
                "19270337055842385990470226442549447670",
                "219803556575202816943100725653408716352",
                "260528986579099520244532034040127847635",
                "232905841969039681077691266846252072915",
                "324445403454670848493801271911105018058",
                "210940678765301106421924729221037700983",
                "330577138534351162550467911665062544641",
                "269822259840748273419484544635821532134",
                "139218607653622710718688920222346559506",
                "18379336389158258458791795342757866238",
                "84928474189943885522301630519396609899"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2019-20176-d43f31eb",
        "source": "https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706",
        "signature_version": "v1"
    }
]