CVE-2019-20176
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-20176
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-20176.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-20176
- Downstream
- Related
- Published
- 2019-12-31T15:15:11Z
- Modified
- 2025-09-16T07:02:47.336545Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c.
- References
-
- https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AHZG5FPCRMCB6Z3L7FPICC6BZ5ZATFTO/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PICL3U2J4EPGBLOE555Y5RAZTQL3WBBV/
Affected packages
Debian:11 / pure-ftpd
Package
- Name
- pure-ftpd
- Purl
- pkg:deb/debian/pure-ftpd?arch=source
Debian:12 / pure-ftpd
Package
- Name
- pure-ftpd
- Purl
- pkg:deb/debian/pure-ftpd?arch=source
Debian:13 / pure-ftpd
Package
- Name
- pure-ftpd
- Purl
- pkg:deb/debian/pure-ftpd?arch=source
Debian:14 / pure-ftpd
Package
- Name
- pure-ftpd
- Purl
- pkg:deb/debian/pure-ftpd?arch=source
Git / github.com/jedisct1/pure-ftpd
Affected ranges
- Type
- GIT
- Repo
- https://github.com/jedisct1/pure-ftpd
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.0.33
1.0.34
1.0.35
1.0.36
1.0.37
1.0.38
1.0.39
1.0.40
1.0.41
1.0.42
1.0.43
1.0.44
1.0.45
1.0.46
1.0.47
1.0.48
1.0.49
Database specific
{
"vanir_signatures": [
{
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"56445503046048394930460835168778733056",
"246405011480971568070211572262472919841",
"200412280742133149971641851506952845514",
"217944701692212553692763553707573105035",
"141489857341975874314917875217168091459",
"198737676652004034545438463689209181914",
"229404802347628598257585161679978625760",
"50171571296122931671985020404489725890",
"236852844768462659869856831426197593274",
"294136189931050001679159128676571279991",
"56029665179969632367734316365735055607",
"114784156564473469196101398068334715954",
"81371649570701425827271975410232115167",
"149792289911419395287061867004506234853",
"19270337055842385990470226442549447670",
"219803556575202816943100725653408716352",
"260528986579099520244532034040127847635",
"232905841969039681077691266846252072915",
"324445403454670848493801271911105018058",
"210940678765301106421924729221037700983",
"330577138534351162550467911665062544641",
"269822259840748273419484544635821532134",
"139218607653622710718688920222346559506",
"18379336389158258458791795342757866238",
"84928474189943885522301630519396609899"
],
"threshold": 0.9
},
"source": "https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706",
"id": "CVE-2019-20176-d43f31eb",
"target": {
"file": "src/ls.c"
}
}
]
}