cbcvebase.
CVE-2011-0418
published 2011-05-24

Priority: P4 23 · medium 4 · CVSS 2.0
AV:N/AC:L/Au:S/C:N/I:N/A:P
EXPLOIT
EPSS: 7.26% (93.6th percentile)

The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command.

Affected

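123 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | pure-ftpd | < pure-ftpd 1.0.32-1 (bookworm) | pure-ftpd 1.0.32-1 (bookworm) |
| netbsd | netbsd | | |
| openbsd | openbsd | <= 4.8 | |
| openbsd | openbsd | | |
| openbsd | openbsd | | |
| openbsd | openbsd | | |
| openbsd | openbsd | | |
| openbsd | openbsd | | |
| openbsd | openbsd | | |
| openbsd | openbsd | | |
| openbsd | openbsd | | |
| openbsd | openbsd | | |
| openbsd | openbsd | | |
| openbsd | openbsd | | |
| openbsd | openbsd | | |
| openbsd | openbsd | | |
| openbsd | openbsd | | |
| openbsd | openbsd | | |
| openbsd | openbsd | | |
| openbsd | openbsd | | |
| openbsd | openbsd | | |
| openbsd | openbsd | | |
| openbsd | openbsd | | |
| openbsd | openbsd | | |
| openbsd | openbsd | | |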

CVSS provenance

nvd · v2.0 · 4.0 · MEDIUM · AV:N/AC:L/Au:S/C:N/I:N/A:P
osv · 4.0 · MEDIUM
vendor_debian · 4.0 · LOW