Home > Vulnerability Database > CVE-2024-11144

Mend.io Vulnerability Database

CVE-2024-11144

Date: December 16, 2024

The server lacks thread safety and can be crashed by anomalous data sent by an anonymous user from a remote network. The crash causes the FTP service to become unavailable, affecting all users and processes that rely on it for file transfers. If the crash occurs during file upload or download, it could lead to incomplete file transfers, potentially corrupting data. The repeated crash might also affect the stability of the underlying system, especially if it leads to resource leaks or affects other services.

Language: C

Severity Score

7.5

Related Resources (3)

Url: https://www.blackduck.com/blog/cyrc-advisory-LightFTP.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-11144

Url: https://www.mend.io/vulnerability-database/CVE-2024-11144

Severity Score

7.5

Weakness Type (CWE)

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-362

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-11144

Date: December 16, 2024

Language: C

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?