CVE-2019-20176
HIGH NUCLEIPure-FTPd 1.0.49 - Denial of Service via Stack Exhaustion in listdir Function
Title source: llmExploitation Summary
CVE-2019-20176 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c.
Nuclei Templates (1)
Pure-FTPd < 1.0.50 - DoS via Resource Exhaustion
HIGHVERIFIEDby pussycat0x
Shodan:
product:"pure-ftpd" version:"1.0.45" || cpe:"cpe:2.3:a:pureftpd:pure-ftpd"
References (3)
Core 3
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PICL3U2J4EPGBLOE555Y5RAZTQL3WBBV/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AHZG5FPCRMCB6Z3L7FPICC6BZ5ZATFTO/
Scores
CVSS v3
7.5
EPSS
0.0437
EPSS Percentile
90.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (3)
fedoraproject/fedora
30
fedoraproject/fedora
31
pureftpd/pure-ftpd
1.0.49
Published
Dec 31, 2019
Tracked Since
Feb 18, 2026