Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-9274 PoC — Pure-FTPd 缓冲区错误漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/network/cves/2020/CVE-2020-9274.yaml
Associated Vulnerability
Title:Pure-FTPd 缓冲区错误漏洞 (CVE-2020-9274)
Description:An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c.
Description
Pure-FTPd versions ≤ 1.0.49 (>= ~0.96) contain a vulnerability in the init_aliases() function within diraliases.c when processing aliases. This leads to access of an uninitialized pointer, which can cause a denial of service (DoS) condition.
File Snapshot

 id: CVE-2020-9274

info:
  name: Pure-FTPd ≤ 1.0.49 - DoS via Uninitialized Pointer
  author: pussyc

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →