
    6 vulnerabilities found for uC-FTPs by Weston Embedded

    CVE-2022-46378 (GCVE-0-2022-46378)

    Vulnerability from nvd – Published: 2023-05-10 15:23 – Updated: 2025-11-04 19:14
    VLAI
    Summary
    An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability. This vulnerability occurs when no port argument is provided to the `PORT` command.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-823 - Use of Out-of-range Pointer Offset
    Assigner
    Impacted products
    Vendor Product Version
    Weston Embedded uC-FTPs Affected: v 1.98.00
    Credits
    Discovered by Kelly Leuschner of Cisco Talos.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:14:25.339Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681"
              },
              {
                "name": "https://github.com/weston-embedded/uC-FTPs/pull/2",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/weston-embedded/uC-FTPs/pull/2"
              },
              {
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1681"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-46378",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T18:04:38.566449Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T18:05:04.158Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "uC-FTPs",
              "vendor": "Weston Embedded",
              "versions": [
                {
                  "status": "affected",
                  "version": "v 1.98.00"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Discovered by Kelly Leuschner of Cisco Talos."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs when no port argument is provided to the `PORT` command."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-823",
                  "description": "CWE-823: Use of Out-of-range Pointer Offset",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T17:00:06.217Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681"
            },
            {
              "name": "https://github.com/weston-embedded/uC-FTPs/pull/2",
              "url": "https://github.com/weston-embedded/uC-FTPs/pull/2"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2022-46378",
        "datePublished": "2023-05-10T15:23:52.423Z",
        "dateReserved": "2022-12-02T18:54:51.872Z",
        "dateUpdated": "2025-11-04T19:14:25.339Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-46377 (GCVE-0-2022-46377)

    Vulnerability from nvd – Published: 2023-05-10 15:23 – Updated: 2025-11-04 19:14
    VLAI
    Summary
    An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability. This vulnerability occurs when no IP address argument is provided to the `PORT` command.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-823 - Use of Out-of-range Pointer Offset
    Assigner
    Impacted products
    Vendor Product Version
    Weston Embedded uC-FTPs Affected: v 1.98.00
    Credits
    Discovered by Kelly Leuschner of Cisco Talos.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:14:24.229Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681"
              },
              {
                "name": "https://github.com/weston-embedded/uC-FTPs/pull/2",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/weston-embedded/uC-FTPs/pull/2"
              },
              {
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1681"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-46377",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T18:03:49.628124Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T18:03:56.545Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "uC-FTPs",
              "vendor": "Weston Embedded",
              "versions": [
                {
                  "status": "affected",
                  "version": "v 1.98.00"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Discovered by Kelly Leuschner of Cisco Talos."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs when no IP address argument is provided to the `PORT` command."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-823",
                  "description": "CWE-823: Use of Out-of-range Pointer Offset",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T17:00:06.089Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681"
            },
            {
              "name": "https://github.com/weston-embedded/uC-FTPs/pull/2",
              "url": "https://github.com/weston-embedded/uC-FTPs/pull/2"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2022-46377",
        "datePublished": "2023-05-10T15:23:52.324Z",
        "dateReserved": "2022-12-02T18:54:51.872Z",
        "dateUpdated": "2025-11-04T19:14:24.229Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-41985 (GCVE-0-2022-41985)

    Vulnerability from nvd – Published: 2023-05-10 15:23 – Updated: 2025-01-24 18:05
    VLAI
    Summary
    An authentication bypass vulnerability exists in the Authentication functionality of Weston Embedded uC-FTPs v 1.98.00. A specially crafted set of network packets can lead to authentication bypass and denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-303 - Incorrect Implementation of Authentication Algorithm
    Assigner
    Impacted products
    Vendor Product Version
    Weston Embedded uC-FTPs Affected: v 1.98.00
    Credits
    Discovered by Kelly Leuschner of Cisco Talos.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:56:39.171Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1680"
              },
              {
                "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1680",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1680"
              },
              {
                "name": "https://github.com/weston-embedded/uC-FTPs/pull/1",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/weston-embedded/uC-FTPs/pull/1"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-41985",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T18:05:33.183208Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T18:05:37.345Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "uC-FTPs",
              "vendor": "Weston Embedded",
              "versions": [
                {
                  "status": "affected",
                  "version": "v 1.98.00"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Discovered by Kelly Leuschner of Cisco Talos."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An authentication bypass vulnerability exists in the Authentication functionality of Weston Embedded uC-FTPs v 1.98.00. A specially crafted set of network packets can lead to authentication bypass and denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-303",
                  "description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T17:00:05.769Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1680",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1680"
            },
            {
              "name": "https://github.com/weston-embedded/uC-FTPs/pull/1",
              "url": "https://github.com/weston-embedded/uC-FTPs/pull/1"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2022-41985",
        "datePublished": "2023-05-10T15:23:52.853Z",
        "dateReserved": "2022-11-29T19:21:47.374Z",
        "dateUpdated": "2025-01-24T18:05:37.345Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-41985 (GCVE-0-2022-41985)

    Vulnerability from cvelistv5 – Published: 2023-05-10 15:23 – Updated: 2025-01-24 18:05
    VLAI
    Summary
    An authentication bypass vulnerability exists in the Authentication functionality of Weston Embedded uC-FTPs v 1.98.00. A specially crafted set of network packets can lead to authentication bypass and denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-303 - Incorrect Implementation of Authentication Algorithm
    Assigner
    Impacted products
    Vendor Product Version
    Weston Embedded uC-FTPs Affected: v 1.98.00
    Credits
    Discovered by Kelly Leuschner of Cisco Talos.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:56:39.171Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1680"
              },
              {
                "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1680",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1680"
              },
              {
                "name": "https://github.com/weston-embedded/uC-FTPs/pull/1",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/weston-embedded/uC-FTPs/pull/1"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-41985",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T18:05:33.183208Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T18:05:37.345Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "uC-FTPs",
              "vendor": "Weston Embedded",
              "versions": [
                {
                  "status": "affected",
                  "version": "v 1.98.00"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Discovered by Kelly Leuschner of Cisco Talos."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An authentication bypass vulnerability exists in the Authentication functionality of Weston Embedded uC-FTPs v 1.98.00. A specially crafted set of network packets can lead to authentication bypass and denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-303",
                  "description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T17:00:05.769Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1680",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1680"
            },
            {
              "name": "https://github.com/weston-embedded/uC-FTPs/pull/1",
              "url": "https://github.com/weston-embedded/uC-FTPs/pull/1"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2022-41985",
        "datePublished": "2023-05-10T15:23:52.853Z",
        "dateReserved": "2022-11-29T19:21:47.374Z",
        "dateUpdated": "2025-01-24T18:05:37.345Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-46378 (GCVE-0-2022-46378)

    Vulnerability from cvelistv5 – Published: 2023-05-10 15:23 – Updated: 2025-11-04 19:14
    VLAI
    Summary
    An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability. This vulnerability occurs when no port argument is provided to the `PORT` command.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-823 - Use of Out-of-range Pointer Offset
    Assigner
    Impacted products
    Vendor Product Version
    Weston Embedded uC-FTPs Affected: v 1.98.00
    Credits
    Discovered by Kelly Leuschner of Cisco Talos.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:14:25.339Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681"
              },
              {
                "name": "https://github.com/weston-embedded/uC-FTPs/pull/2",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/weston-embedded/uC-FTPs/pull/2"
              },
              {
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1681"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-46378",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T18:04:38.566449Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T18:05:04.158Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "uC-FTPs",
              "vendor": "Weston Embedded",
              "versions": [
                {
                  "status": "affected",
                  "version": "v 1.98.00"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Discovered by Kelly Leuschner of Cisco Talos."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs when no port argument is provided to the `PORT` command."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-823",
                  "description": "CWE-823: Use of Out-of-range Pointer Offset",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T17:00:06.217Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681"
            },
            {
              "name": "https://github.com/weston-embedded/uC-FTPs/pull/2",
              "url": "https://github.com/weston-embedded/uC-FTPs/pull/2"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2022-46378",
        "datePublished": "2023-05-10T15:23:52.423Z",
        "dateReserved": "2022-12-02T18:54:51.872Z",
        "dateUpdated": "2025-11-04T19:14:25.339Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-46377 (GCVE-0-2022-46377)

    Vulnerability from cvelistv5 – Published: 2023-05-10 15:23 – Updated: 2025-11-04 19:14
    VLAI
    Summary
    An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability. This vulnerability occurs when no IP address argument is provided to the `PORT` command.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-823 - Use of Out-of-range Pointer Offset
    Assigner
    Impacted products
    Vendor Product Version
    Weston Embedded uC-FTPs Affected: v 1.98.00
    Credits
    Discovered by Kelly Leuschner of Cisco Talos.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T19:14:24.229Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681"
              },
              {
                "name": "https://github.com/weston-embedded/uC-FTPs/pull/2",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/weston-embedded/uC-FTPs/pull/2"
              },
              {
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1681"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-46377",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-24T18:03:49.628124Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-24T18:03:56.545Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "uC-FTPs",
              "vendor": "Weston Embedded",
              "versions": [
                {
                  "status": "affected",
                  "version": "v 1.98.00"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Discovered by Kelly Leuschner of Cisco Talos."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs when no IP address argument is provided to the `PORT` command."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-823",
                  "description": "CWE-823: Use of Out-of-range Pointer Offset",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T17:00:06.089Z",
            "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
            "shortName": "talos"
          },
          "references": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681"
            },
            {
              "name": "https://github.com/weston-embedded/uC-FTPs/pull/2",
              "url": "https://github.com/weston-embedded/uC-FTPs/pull/2"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "assignerShortName": "talos",
        "cveId": "CVE-2022-46377",
        "datePublished": "2023-05-10T15:23:52.324Z",
        "dateReserved": "2022-12-02T18:54:51.872Z",
        "dateUpdated": "2025-11-04T19:14:24.229Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }