FTP Service Vulnerability in LightFTP Affected by Anomalous Data
CVE-2024-11144

7.5 HIGH

Key Information:

Vendor: Lightftp

Status
Vendor
CVE Published: 16 December 2024

What is CVE-2024-11144?

CVE-2024-11144 is a critical security vulnerability in the LightFTP Server that results from a lack of thread safety. An anonymous user can exploit it by sending anomalous data over a remote network, leading to a denial of service. When the FTP service crashes, all users relying on it for file transfers are affected: transfers may be left incomplete or corrupt, and overall system stability can suffer, particularly if resource leaks occur or other services are disrupted. Users of LightFTP are strongly advised to implement immediate security measures to mitigate the risk associated with this vulnerability.

Affected Version(s)

LightFTP 2.3

References

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Kari Hulkko