CVE-2022-46378


CVSS 6.5 MEDIUM | EPSS 1.4% | CWE-823
In short

A flaw in the FTP server's PORT command allows an attacker to send malformed network packets that crash the service, causing it to stop working temporarily. This happens when the PORT command is sent without the required port number.

Technical detail

An out-of-bounds read vulnerability in Weston Embedded uC-FTPs v1.98.00 occurs when the PORT command is processed without a port argument, allowing a remote attacker to trigger denial of service by sending specially-crafted FTP packets. The attack requires network access to the FTP service and results in service unavailability.

Summary generated and translated by AI from the official description.
An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability. This vulnerability occurs when no port argument is provided to the `PORT` command.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
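
The class of defect described above, shown from the fix side as an added example (this is not Weston Embedded's code, and the function name `parse_port_cmd` and the length-delimited input convention are assumptions): a parser for the RFC 959 `PORT h1,h2,h3,h4,p1,p2` argument that bounds-checks every read and rejects a command with no argument instead of reading past the end of the receive buffer.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helper, not uC-FTPs code. Parses "PORT h1,h2,h3,h4,p1,p2"
 * from `len` bytes that need not be NUL-terminated. Returns 0 on success,
 * -1 on malformed input. Every read of line[i] follows an i < len check. */
int parse_port_cmd(const char *line, size_t len, uint8_t ip[4], uint16_t *port)
{
    static const char kw[] = "PORT";
    unsigned field[6];
    size_t i;
    for (i = 0; i < 4; i++)
        if (i >= len || toupper((unsigned char)line[i]) != kw[i])
            return -1;
    if (i >= len || line[i] != ' ')
        return -1;                 /* bare "PORT": no argument to extract */
    while (i < len && line[i] == ' ')
        i++;
    for (int f = 0; f < 6; f++) {
        unsigned v = 0;
        int digits = 0;
        while (i < len && isdigit((unsigned char)line[i])) {
            v = v * 10 + (unsigned)(line[i++] - '0');
            if (++digits > 3 || v > 255)
                return -1;         /* each field is a single octet */
        }
        if (digits == 0)
            return -1;             /* empty field or input ended early */
        field[f] = v;
        if (f < 5 && (i >= len || line[i++] != ','))
            return -1;             /* separator missing */
    }
    while (i < len && (line[i] == '\r' || line[i] == '\n'))
        i++;                       /* only CRLF may follow the argument */
    if (i != len)
        return -1;
    for (int f = 0; f < 4; f++)
        ip[f] = (uint8_t)field[f];
    *port = (uint16_t)((field[4] << 8) | field[5]);
    return 0;
}

int main(void)
{
    const char bad[] = "PORT\r\n";          /* constructed sample */
    uint8_t ip[4]; uint16_t port;
    return parse_port_cmd(bad, sizeof bad - 1, ip, &port) == -1 ? 0 : 1;
}
```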
