CVE-2020-1939 — NULL Pointer Dereference in Apache NuttX
Severity
9.8 CRITICAL (NVD)
EPSS
0.9%
top 24.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 12
Latest update: May 24
Description
The Apache NuttX (Incubating) project provides an optional separate "apps" repository which contains various optional components and example programs. One of these, ftpd, had a NULL pointer dereference bug. The NuttX RTOS itself is not affected. Users of the optional apps repository are affected only if they have enabled ftpd. Versions 6.15 to 8.2 are affected.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9
Affected Packages: 1 package
Patches
Vulnerability Details (2)
GHSA
GHSA-cxvf-qrfm-r86m: The Apache NuttX (Incubating) project provides an optional separate "apps" repository which contains various optional components and example programs (2022-05-24)
CVEList
CVE-2020-1939: The Apache NuttX (Incubating) project provides an optional separate "apps" repository which contains various optional components and example programs (2020-05-12)
Community (1)
Bugzilla
CVE-2020-1750 machine-config-operator-container: mmap stressor makes the cluster unresponsive (2020-02-27)