Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2006-6565
Severity
4.0 MEDIUM
EPSS
71.5%
top 1.27%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Dec 15
Latest update: May 1
Description
FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a wildcard argument to the (1) LIST or (2) NLST commands, which results in a NULL pointer dereference, a different set of vectors than CVE-2006-6564. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command.
CVSS vector
AV:N/AC:L/C:N/I:N/A:P
Exploitability: 8.0 | Impact: 2.9
Affected Packages: 1 package
Vulnerability Details
2 Exploits & PoCs
2 Nuclei
FileZilla Server < 0.9.22 - DoS via Wildcard Commands
Community
1 Bugzilla
CVE-2006-6565 filezilla: allows remote attackers to cause a denial of service via wildcard argument (2020-07-30)