Date: Mon, 11 May 2020 14:28:56 -0700
From: Brennan Ashton
Subject: [CVE-2020-1939] Apache NuttX optional/example ftpd program NULL
 pointer bug

CVE-2020-1939: Apache NuttX optional/example ftpd program NULL pointer

Severity: Important

Apache NuttX (Incubating)

Versions Affected:
6.15 to 8.2 (all pre-date NuttX joining the Incubator)

The Apache NuttX (Incubating) project provides an optional separate
"apps" repository which contains various optional components and
example programs. One of these, ftpd, had a NULL pointer dereference
bug. The NuttX RTOS itself is not affected. Users of the optional apps
repository are affected only if they have enabled ftpd.

Users of affected versions should upgrade to 9.0.0 or apply the
following patch:

This issue was discovered by Jakub Botwicz of Samsung R&D Poland.


Brennan Ashton
