The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apple
Published: 2015-10-09T01:00:00
Updated: 2016-12-06T18:57:01
Reserved: 2015-08-06T00:00:00
Link: CVE-2015-5917
JSON object: View
NVD Information
Status : Modified
Published: 2015-10-09T05:59:35.357
Modified: 2016-12-08T03:11:30.423
Link: CVE-2015-5917
JSON object: View
Redhat Information
No data.
CWE