{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-23T19:47:14.190","vulnerabilities":[{"cve":{"id":"CVE-2020-5204","sourceIdentifier":"security-advisories@github.com","published":"2020-01-06T20:15:12.523","lastModified":"2026-06-17T03:21:01.160","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In uftpd before 2.11, there is a buffer overflow vulnerability in handle_PORT in ftpcmd.c that is caused by a buffer that is 16 bytes large being filled via sprintf() with user input based on the format specifier string %d.%d.%d.%d. The 16 byte size is correct for valid IPv4 addresses (len(&#39;255.255.255.255&#39;) == 16), but the format specifier %d allows more than 3 digits. This has been fixed in version 2.11"},{"lang":"es","value":"En uftpd versiones anteriores a la versión  2.11, hay una vulnerabilidad de desbordamiento de búfer en la función handle_PORT en el archivo ftpcmd.c que es causada por un búfer de 16 bytes de tamaño que está siendo llenado por medio de la función sprintf() con una entrada de usuario basada en la cadena del especificador de formato %d.%d.%d.%d. El tamaño de 16 bytes es correcto para direcciones IPv4 válidas (len('255.255.255.255') == 16), pero el especificador de formato %d permite más de 3 dígitos. Esto se ha solucionado en la versión 2.11"}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"troglobit","product":"uftpd","versions":[{"version":"< 2.11","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.3,"impactScore":3.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:troglobit:uftpd:*:*:*:*:*:*:*:*","versionEndExcluding":"2.11","matchCriteriaId":"91EBCEEE-1F37-42E3-8C48-41BF050C3BE7"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00034.html","source":"security-advisories@github.com"},{"url":"https://github.com/troglobit/uftpd/commit/0fb2c031ce0ace07cc19cd2cb2143c4b5a63c9dd","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/troglobit/uftpd/security/advisories/GHSA-wrpr-xw7q-9wvq","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00034.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/troglobit/uftpd/commit/0fb2c031ce0ace07cc19cd2cb2143c4b5a63c9dd","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/troglobit/uftpd/security/advisories/GHSA-wrpr-xw7q-9wvq","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}