CVE-2011-0418
EPSS 12.3%
Description
The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command.
How to fix CVE-2011-0418
To remediate CVE-2011-0418, upgrade the affected package to a fixed version below.
- Debian/pure-ftpd: upgrade to 1.0.32-1 or later
Is CVE-2011-0418 being exploited?
Moderate: EPSS is 12.3%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (1)
- Debian/pure-ftpd: from 0, < 1.0.32-1