Xlight 1.52, with log to screen enabled, allows remote attackers to cause a denial of service by requesting a long directory consisting of . (dot) and / (slash) characters, which causes the server to crash when the administrator views the log file, possibly triggering a buffer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xlight_ftp_server | xlight_ftp_server | 1.52 |
| xlight_ftp_server | xlight_ftp_server | 1.45 |
| xlight_ftp_server | xlight_ftp_server | 1.25 |
| xlight_ftp_server | xlight_ftp_server | 1.41 |
Xlight FTP server 1.52 allows remote authenticated users to cause a denial of service (crash) via a RETR command with a long argument containing a large number of / (slash) characters, possibly triggering a buffer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xlight_ftp_server | xlight_ftp_server | 1.52 |