← back
CVE-2015-5917

CVE-2015-5917

EPSS 2.7%
The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.htmlhttps://cxsecurity.com/issue/WLB-2013040082https://support.apple.com/HT205267https://www.youtube.com/watch?v=MBK4QYkUm10http://www.securityfocus.com/bid/76908http://www.securitytracker.com/id/1033703