Denial of Service Vulnerability in tnftpd's Glob Implementation

Denial of Service Vulnerability in tnftpd's Glob Implementation

CVE-2015-5917 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring.

Learn more about our Web Application Penetration Testing UK.