CVE-2019-20176
published 2019-12-31
CVE-2019-20176: In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c.
Priority P349 · high · 7.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EXPLOIT
EPSS: 4.37% (90.0th percentile)
In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | pure-ftpd | < pure-ftpd 1.0.49-2 (bookworm) | pure-ftpd 1.0.49-2 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| pureftpd | pure-ftpd | — | — |
| pureftpd | pure-ftpd | >= 0 < 1.0.49-2 | 1.0.49-2 |
| pureftpd | pure-ftpd | >= 0 < 1.0.49-2 | 1.0.49-2 |
| pureftpd | pure-ftpd | >= 0 < 1.0.49-2 | 1.0.49-2 |
CVSS provenance
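| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | LOW | — |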
GHSA
GHSA-fgwh-frh9-vm43: In Pure-FTPd 1
ghsa_unreviewed·2022-05-24
CVE-2019-20176 [MEDIUM] CWE-400 GHSA-fgwh-frh9-vm43: In Pure-FTPd 1
In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c.
OSV
CVE-2019-20176: In Pure-FTPd 1
osv·2019-12-31·CVSS 7.5
CVE-2019-20176 [HIGH] CVE-2019-20176: In Pure-FTPd 1
In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c.
Debian
CVE-2019-20176: pure-ftpd - In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir func...
vendor_debian·2019·CVSS 7.5
CVE-2019-20176 [HIGH] CVE-2019-20176: pure-ftpd - In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir func...
In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c.
Scope: local
bookworm: resolved (fixed in 1.0.49-2)
bullseye: resolved (fixed in 1.0.49-2)
sid: resolved (fixed in 1.0.49-2)
trixie: resolved (fixed in 1.0.49-2)
No detection rules found.
Exploit-DB
Microsoft Office 2019 MSO Build 1808 - NTLMv2 Hash Disclosure
exploitdb·2025-04-03·CVSS 6.5
CVE-2024-38200 [MEDIUM] Microsoft Office 2019 MSO Build 1808 - NTLMv2 Hash Disclosure
Microsoft Office 2019 MSO Build 1808 - NTLMv2 Hash Disclosure
---
# Exploit Title: Microsoft Office 2019 MSO Build 1808 - NTLMv2 Hash Disclosure
# Exploit Author: Metin Yunus Kandemir
# Vendor Homepage: https://www.office.com/
# Software Link: https://www.office.com/
# Details: https://github.com/passtheticket/CVE-2024-38200
# Version: Microsoft Office 2019 MSO Build 1808 (16.0.10411.20011), Microsoft 365 MSO (Version 2403 Build 16.0.17425.20176)
# Tested against: Windows 11
# CVE: CVE-2024-38200
# Description
MS Office URI schemes allow for fetching a document from remote source.
MS URI scheme format is ':"|" "|"' .
Example: ms-word:ofe|u|http://hostname:port/leak.docx
When the URI "ms-word:ofe|u|http://hostname:port/leak.docx" is invoked from a victim computer. This behaviour is abus
Nuclei
Pure-FTPd < 1.0.50 - DoS via Resource Exhaustion
nuclei·CVSS 7.5
CVE-2019-20176 [HIGH] Pure-FTPd < 1.0.50 - DoS via Resource Exhaustion
Pure-FTPd < 1.0.50 - DoS via Resource Exhaustion
Pure-FTPd versions prior to 1.0.50 are vulnerable to resource exhaustion leading to denial of service. The vulnerability occurs in the listdir() function when processing crafted LIST commands, causing stack exhaustion that can crash the FTP server.
Template:
```yaml
id: CVE-2019-20176
info:
  name: Pure-FTPd < 1.0.50 - DoS via Resource Exhaustion
  author: pussycat0x
  severity: high
  description: |
    Pure-FTPd versions prior to 1.0.50 are vulnerable to resource exhaustion leading to denial of service. The vulnerability occurs in the listdir() function when processing crafted LIST commands, causing stack exhaustion that can crash the FTP server.
  impact: |
    Unauthenticated attackers can send crafted LIST commands to exhaust stack resources in the listdir()
```
Bugzilla
CVE-2019-20176 pure-ftpd: stack exhaustion in function listdir in ls.c
bugzilla·2020-01-27·CVSS 7.5
CVE-2019-20176 [HIGH] CVE-2019-20176 pure-ftpd: stack exhaustion in function listdir in ls.c
CVE-2019-20176 pure-ftpd: stack exhaustion in function listdir in ls.c
A vulnerability was found in Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir
function in ls.c.
Reference:
https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706
Discussion:
Created pure-ftpd tracking bugs for this issue:
Affects: epel-all [bug 1795153]
Affects: fedora-all [bug 1795152]
---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
Bugzilla
CVE-2019-20176 pure-ftpd: stack exhaustion in function listdir in ls.c [fedora-all]
bugzilla·2020-01-27·CVSS 7.5
CVE-2019-20176 [HIGH] CVE-2019-20176 pure-ftpd: stack exhaustion in function listdir in ls.c [fedora-all]
CVE-2019-20176 pure-ftpd: stack exhaustion in function listdir in ls.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported ve
Bugzilla
CVE-2019-20176 pure-ftpd: stack exhaustion in function listdir in ls.c [epel-all]
bugzilla·2020-01-27·CVSS 7.5
CVE-2019-20176 [HIGH] CVE-2019-20176 pure-ftpd: stack exhaustion in function listdir in ls.c [epel-all]
CVE-2019-20176 pure-ftpd: stack exhaustion in function listdir in ls.c [epel-all]
https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AHZG5FPCRMCB6Z3L7FPICC6BZ5ZATFTO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PICL3U2J4EPGBLOE555Y5RAZTQL3WBBV/
2019-12-31
Published