Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-0256

CWE-119 — Buffer Overflow6 documents6 sources

Severity

5.0MEDIUM

EPSS

26.6%

top 3.67%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Washington University Wu-ftpd

Timeline

PublishedMay 2

Latest updateMay 3

Description

The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDwashington_university/wu-ftpd2.6.1, 2.6.2+1

Patches

Patch: www.debian.org ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-52rf-pfj9-676q: The wu_fnmatch function in wu_fnmatch↗2022-05-03

▶

CVEList

CVE-2005-0256: The wu_fnmatch function in wu_fnmatch↗2005-02-25

▶

💥Exploits & PoCs

Exploit-DB

WU-FTPD 2.6.2 - File Globbing Denial of Service↗2005-02-25

▶

📋Vendor Advisories

Red Hat

CVE-2005-0256: The wu_fnmatch function in wu_fnmatch↗

▶

💬Community

Bugzilla

CAN-2005-0256 wu-ftpd DoS↗2005-03-10

▶