CVE-2015-5917
Severity CVSS v4.0:
Pending analysis
Type:
CWE-119
Buffer Errors
Publication date:
09/10/2015
Last modified:
12/04/2025
Description
The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:netbsd:tnftpd:*:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.10.5:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
- http://www.securityfocus.com/bid/76908
- http://www.securitytracker.com/id/1033703
- https://cxsecurity.com/issue/WLB-2013040082
- https://support.apple.com/HT205267
- https://www.youtube.com/watch?v=MBK4QYkUm10
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
- http://www.securityfocus.com/bid/76908
- http://www.securitytracker.com/id/1033703
- https://cxsecurity.com/issue/WLB-2013040082
- https://support.apple.com/HT205267
- https://www.youtube.com/watch?v=MBK4QYkUm10