CVE-2007-6740 — Allocation of Resources Without Limits or Throttling in Pyftpdlib

CWE-264 CWE-770 — Allocation of Resources Without Limits or Throttling5 documents4 sources

Severity

4.0MEDIUMNVD

EPSS

0.5%

top 33.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

G.rodola Pyftpdlib Debian Python-pyftpdlib

Timeline

PublishedOct 19

Latest updateMay 1

Description

The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of service via a STOU command.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages3 packages

▶PyPIg.rodola/pyftpdlib< 0.2.0

▶NVDg.rodola/pyftpdlib0.1.1+1

▶debiandebian/python-pyftpdlib

🔴Vulnerability Details

GHSA

pyftpdlib vulnerable to allocation of resources without limits↗2022-05-01

▶

OSV

pyftpdlib vulnerable to allocation of resources without limits↗2022-05-01

▶

OSV

CVE-2007-6740: The ftp_STOU function in FTPServer↗2010-10-19

▶

📋Vendor Advisories

Debian

CVE-2007-6740: python-pyftpdlib - The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit t...↗2007

▶