CVE-2021-30047
Published 2023-08-22
CVE-2021-30047: VSFTPD 3.0.3 allows attackers to cause a denial of service due to limited number of connections allowed.
Priority P343 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 3.07% (86.0th percentile)
VSFTPD 3.0.3 allows attackers to cause a denial of service due to limited number of connections allowed.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vsftpd_project | vsftpd | — | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| vendor_redhat | — | 7.5 | HIGH | — |
GHSA
GHSA-p8mp-mm84-7pqr: VSFTPD 3 [HIGH]
Source: ghsa_unreviewed · 2023-08-22
VSFTPD 3.0.3 allows attackers to cause a denial of service due to limited number of connections allowed.
Red Hat
vsftpd: denial of service due to limited number of connections allowed [HIGH] · CWE-400
Source: vendor_redhat · 2023-08-22 · CVSS 7.5
VSFTPD 3.0.3 allows attackers to cause a denial of service due to limited number of connections allowed.
VSFTPD is vulnerable to a denial of service caused by the limited number of connections allowed; a remote attacker could exploit this vulnerability to cause a denial of service condition.
Statement: vsftpd has a configurable limit on the number of concurrent clients which can be accepted, max_clients. Obviously, if this number is exceeded then service is denied to other clients. It is normal practice to use e.g. firewall rules to limit denial of service attacks.
As such, Red Hat does not consider this to be a real vulnerability.
Package: vsftpd (Red Hat Enterprise Linux 10) - Not affected
Package: vsftpd (
No detection rules found.
Nuclei
vsftpd < 3.0.3 - DoS [HIGH]
Source: nuclei · CVSS 7.5
vsftpd before 3.0.3 allows remote attackers to cause a denial of service by sending a crafted FTP command.
Note that the template's affected range (before 3.0.3) and trigger (a crafted FTP command) differ from the CVE description above, which names 3.0.3 itself as affected and attributes the denial of service to the connection limit.
Template:
```yaml
id: CVE-2021-30047

info:
  name: vsftpd < 3.0.3 - DoS
  author: pussycat0x
  severity: high
  description: |
    vsftpd before 3.0.3 allows remote attackers to cause a denial of service by sending a crafted FTP command.
  impact: |
    Attackers can send crafted FTP commands to crash the vsftpd daemon, causing denial of service and interrupting FTP services for legitimate users.
  remediation: |
    Upgrade to vsftpd version 3.0.3 or later that addresses the denial of service vulnerability.
  reference:
    - https://github.com/kuppamjohari/vsftpd-3.0.3-DoS
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    cvss-score: 7.5
    cve-id: CVE-2021-30047
    epss-score
```
Published: 2023-08-22