Improper input validation in Netbsd

CVE-2011-0418

The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.123 (94.0th percentile) — read the EPSS interpretation.

Affected products

Netbsd — versions 5.1
Pureftpd Pure-ftpd — versions 0.90, 0.91, 0.92
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

cret@cert.org (x_refsource_CONFIRM, Patch)
ADV-2011-1273 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
MDVSA-2011:094 (vendor-advisory, x_refsource_MANDRIVA)
cret@cert.org (x_refsource_CONFIRM, Patch)
cret@cert.org (x_refsource_CONFIRM)
47671 (Exploit, vdb-entry, x_refsource_BID)
20110502 Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT memory exhaustion (x_refsource_SREASONRES, Exploit, third-party-advisory)
8228 (x_refsource_SREASON, third-party-advisory)
cret@cert.org (x_refsource_CONFIRM)