CVE Vulnerabilities

CVE-2004-0342

Off-by-one Error

Published: Nov 23, 2004 | Modified: Feb 16, 2024
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one error.

Weakness

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

Affected Software

Name Vendor Start Version End Version
Wftpd_pro_server Wftpd_pro_server_project 3.21-r1 (including) 3.21-r1 (including)

Potential Mitigations

References