CVE-2020-9365
Published 2020-02-24
Priority: P3 · 53 · high · 7.5 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploit / EPSS: 6.94% (93.3rd percentile)
An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c.
Affected (8 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | pure-ftpd | < pure-ftpd 1.0.49-3 (bookworm) | pure-ftpd 1.0.49-3 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| pureftpd | pure-ftpd | — | — |
| pureftpd | pure-ftpd | >= 0 < 1.0.49-3 | 1.0.49-3 |
| pureftpd | pure-ftpd | >= 0 < 1.0.49-3 | 1.0.49-3 |
| pureftpd | pure-ftpd | >= 0 < 1.0.49-3 | 1.0.49-3 |
Detection & IOCs (extracted from sources)
Other: Pure-FTPd 1.0.24
- Detect vulnerable Pure-FTPd instances by banner-grabbing on TCP port 21 and matching the 'Pure-FTPd' string in the server response alongside version 1.0.24 (or 1.0.49 unpatched).
- Use the Shodan query 'product:"Pure-FTPd" version:"1.0.24"' to identify exposed vulnerable instances.
- The vulnerability is an OOB read in the pure_strcmp function within utils.c; focus code review and static analysis on this function in Pure-FTPd 1.0.49 and earlier.
- Note: the Nuclei template targets Pure-FTPd 1.0.24 in its version matcher, but the CVE was officially reported against Pure-FTPd 1.0.49; detection logic should be validated against the correct affected version range.
- Note: the fix was applied in Debian package version 1.0.49-3; systems running unpatched 1.0.49 remain vulnerable.
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
GHSA
GHSA-3863-h4xw-2xv3 · ghsa_unreviewed · 2022-05-24 · CVE-2020-9365 [MEDIUM] · CWE-125
An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c.
OSV
CVE-2020-9365 · osv · 2020-02-24 · CVSS 7.5 [HIGH]
An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c.
Debian
CVE-2020-9365: pure-ftpd · vendor_debian · 2020 · CVSS 7.5 [HIGH]
An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c.
Scope: local
bookworm: resolved (fixed in 1.0.49-3)
bullseye: resolved (fixed in 1.0.49-3)
sid: resolved (fixed in 1.0.49-3)
trixie: resolved (fixed in 1.0.49-3)
No detection rules found.
Nuclei
Pure-FTPd 1.0.24 - Security Vulnerability · nuclei · CVSS 7.5 · CVE-2020-9365 [HIGH]
Pure-FTPd 1.0.24 contains security vulnerabilities that could allow attackers to exploit the FTP server. This version is known to have various security issues that could lead to unauthorized access or other security implications.
Template:

```yaml
id: CVE-2020-9365
info:
  name: Pure-FTPd 1.0.24 - Security Vulnerability
  author: pussycat0x
  severity: medium
  description: |
    Pure-FTPd 1.0.24 contains security vulnerabilities that could allow attackers to exploit the FTP server. This version is known to have various security issues that could lead to unauthorized access or other security implications.
  impact: |
    Attackers can exploit various security vulnerabilities in Pure-FTPd 1.0.24 to potentially gain unauthorized access to the FTP server or compromise its
```
Bugzilla
CVE-2020-9365 pure-ftpd: OOB read in pure_strcmp function in utils.c [epel-all] · bugzilla · 2020-04-28 · CVSS 7.5 [HIGH]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions
Bugzilla
CVE-2020-9365 pure-ftpd: OOB read in pure_strcmp function in utils.c · bugzilla · 2020-04-28 · CVSS 7.5 [HIGH]
An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c.
Reference:
https://github.com/jedisct1/pure-ftpd/commit/36c6d268cb190282a2c17106acfd31863121b58e
Discussion:
Created pure-ftpd tracking bugs for this issue:
Affects: epel-all [bug 1828689]
Affects: fedora-all [bug 1828688]
---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
Bugzilla
CVE-2020-9365 pure-ftpd: OOB read in pure_strcmp function in utils.c [fedora-all] · bugzilla · 2020-04-28 · CVSS 7.5 [HIGH]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported vers
arXiv
LLMxCPG: Context-Aware Vulnerability Detection Through Code Property Graph-Guided Large Language Models · arxiv_fulltext · 2025-07-22
Ahmed Lekssays1*, Hamza Mouhcine1*, Khang Tran2, Ting Yu3, Issa Khalil1
1 Qatar Computing Research Institute, 2 New Jersey Institute of Technology, 3 Mohamed bin Zayed University of Artificial Intelligence
{alekssays, hmouhcine, ikhalil}@hbku.edu.qa, [email protected], [email protected]
* Joint first authors with equal contribution
## Abstract
Software vulnerabilities present a persistent security challenge, with over 25,000 new vulnerabilities reported in the Common Vulnerabilities and Exposures (CVE) database in 2024 alone. While deep learning based approaches show promise for vulnerability detection, recent studies reveal critical limitations in terms of accuracy and r
References:
- https://github.com/jedisct1/pure-ftpd/commit/36c6d268cb190282a2c17106acfd31863121b58e
- https://github.com/jedisct1/pure-ftpd/commit/bf6fcd4935e95128cf22af5924cdc8fe5c0579da
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22P44PECZWNDP7CMBL7NRBMNFS73C5Z2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5NSUDWXZVWUCL6R2PTX3KBB42Z62CA5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5DBVHJCXWRSJPNJQCJQCKZF6ZDPZCKA/
- https://security.gentoo.org/glsa/202003-54