CVE-2022-46377

Source
https://cve.org/CVERecord?id=CVE-2022-46377
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-46377.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-46377
Published
2023-05-10T15:23:52.324Z
Modified
2026-07-08T06:04:19.772741637Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs when no IP address argument is provided to the PORT command.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/46xxx/CVE-2022-46377.json",
    "cwe_ids": [
        "CWE-823"
    ],
    "cna_assigner": "talos"
}
References

Affected packages

Git / github.com/weston-embedded/uc-ftps

Affected ranges

Type
GIT
Repo
https://github.com/weston-embedded/uc-ftps
Events
Database specific
{
    "cpe": "cpe:2.3:a:weston-embedded:uc-ftps:1.98.00:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "v 1.98.00"
        },
        {
            "last_affected": "v 1.98.00"
        },
        {
            "introduced": "1.98.00"
        },
        {
            "last_affected": "1.98.00"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "CPE_STRING"
    ]
}

Affected versions

1.*
1.98.00
v 1.*
v 1.98.00
v1.*
v1.98.00

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-46377.json"