CVE-2024-11144 — HIGH (7.5)

Vulnerability Description

The server lacks thread safety and can be crashed by anomalous data sent by an anonymous user from a remote network. The crash causes the FTP service to become unavailable, affecting all users and processes that rely on it for file transfers. If the crash occurs during file upload or download, it could lead to incomplete file transfers, potentially corrupting data. The repeated crash might also affect the stability of the underlying system, especially if it leads to resource leaks or affects other services.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Related Weaknesses (CWE)

CWE-362

References

https://www.blackduck.com/blog/cyrc-advisory-LightFTP.html

FAQ

What is CVE-2024-11144?

CVE-2024-11144 is a vulnerability with a CVSS score of 7.5 (HIGH). The server lacks thread safety and can be crashed by anomalous data sent by an anonymous user from a remote network. The crash causes the FTP service to become unavailable, affecting all users and pro...

How severe is CVE-2024-11144?

CVE-2024-11144 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-11144?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.