CVE-2024-48208
published 2024-10-24CVE-2024-48208: pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. There is an out of bounds read in the domlsd() function of the ls.c file.
PriorityP355high8.6CVSS 3.1
AVNACLPRNUINSUCLILAH
EXPLOIT
EPSS
1.51%
71.3th percentile
pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. There is an out of bounds read in the domlsd() function of the ls.c file.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | pure-ftpd | — | — |
| pureftpd | pure-ftpd | < 1.0.52 | 1.0.52 |
Detection & IOCsextracted from sources · hover to see the quote
otherproduct:"Pure-FTPd"
yara
contains(raw, 'Pure-FTPd') AND compare_versions(version, '< 1.0.52')
- →Detect vulnerable Pure-FTPd banners by matching the version string from the FTP banner response against versions prior to 1.0.52 using the regex pattern 'Pure-FTPd ([0-9.]+)'.
- →Send a hex null-byte probe (00000000) to port 21 and inspect the raw response for the 'Pure-FTPd' banner string to fingerprint the service.
- →Use Shodan to identify exposed Pure-FTPd instances via the query product:"Pure-FTPd" for pre-scan reconnaissance.
- →The vulnerability is in the domlsd() function of ls.c; look for out-of-bounds read crashes or anomalous FTP LIST/MLSD command responses as a runtime indicator. ↗
- ·The Nuclei template uses a read-size of 1024 bytes; larger FTP banners or multi-line responses may be truncated, potentially causing false negatives during version extraction.
- ·Debian distributions (bookworm, bullseye, sid, trixie) are listed as 'open' (unpatched) as of the advisory; scope is noted as 'local' in the Debian tracker, which may affect exploitability assessment in those environments. ↗
- ·The detection condition requires BOTH the 'Pure-FTPd' banner string AND a version below 1.0.52; if the banner omits the version number, the version comparator will not fire and the check will produce a false negative.
CVSS provenance
nvdv3.18.6HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
osv8.6HIGH
vendor_debian8.6LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-rrmj-qxgv-v296: pure-ftpd before 1
ghsa_unreviewed·2024-10-24
CVE-2024-48208 [HIGH] CWE-125 GHSA-rrmj-qxgv-v296: pure-ftpd before 1
pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. There is an out of bounds read in the domlsd() function of the ls.c file.
OSV
CVE-2024-48208: pure-ftpd before 1
osv·2024-10-24·CVSS 8.6
CVE-2024-48208 [HIGH] CVE-2024-48208: pure-ftpd before 1
pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. There is an out of bounds read in the domlsd() function of the ls.c file.
Debian
CVE-2024-48208: pure-ftpd - pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. There is an out of bou...
vendor_debian·2024·CVSS 8.6
CVE-2024-48208 [HIGH] CVE-2024-48208: pure-ftpd - pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. There is an out of bou...
pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. There is an out of bounds read in the domlsd() function of the ls.c file.
Scope: local
bookworm: open
bullseye: open
sid: open
trixie: open
No detection rules found.
Nuclei
Pure-FTPd < 1.0.52 - Buffer Overflow
nuclei·CVSS 8.6
CVE-2024-48208 [HIGH] Pure-FTPd < 1.0.52 - Buffer Overflow
Pure-FTPd < 1.0.52 - Buffer Overflow
Pure-FTPd versions prior to 1.0.52 contain a buffer overflow vulnerability due to an out-of-bounds read in the domlsd() function within the ls.c file. This vulnerability could allow attackers to execute arbitrary code on affected systems.
Template:
id: CVE-2024-48208
info:
name: Pure-FTPd < 1.0.52 - Buffer Overflow
author: pussycat0x
severity: high
description: |
Pure-FTPd versions prior to 1.0.52 contain a buffer overflow vulnerability due to an out-of-bounds read in the domlsd() function within the ls.c file. This vulnerability could allow attackers to execute arbitrary code on affected systems.
impact: |
Attackers can trigger a buffer overflow in the domlsd() function through crafted FTP commands, potentially executing arbitrary code on the FTP s
No writeups or analysis indexed.
2024-10-24
Published