Refine your search
4 vulnerabilities found for uC-FTPs by Weston Embedded
CVE-2022-46378 (GCVE-0-2022-46378)
Vulnerability from nvd
Published
2023-05-10 15:23
Modified
2025-11-04 19:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-823 - Use of Out-of-range Pointer Offset
Summary
An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs when no port argument is provided to the `PORT` command.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Weston Embedded | uC-FTPs |
Version: v 1.98.00 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:14:25.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681"
},
{
"name": "https://github.com/weston-embedded/uC-FTPs/pull/2",
"tags": [
"x_transferred"
],
"url": "https://github.com/weston-embedded/uC-FTPs/pull/2"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1681"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46378",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T18:04:38.566449Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T18:05:04.158Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "uC-FTPs",
"vendor": "Weston Embedded",
"versions": [
{
"status": "affected",
"version": "v 1.98.00"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Kelly Leuschner of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs when no port argument is provided to the `PORT` command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-823",
"description": "CWE-823: Use of Out-of-range Pointer Offset",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T17:00:06.217Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681"
},
{
"name": "https://github.com/weston-embedded/uC-FTPs/pull/2",
"url": "https://github.com/weston-embedded/uC-FTPs/pull/2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2022-46378",
"datePublished": "2023-05-10T15:23:52.423Z",
"dateReserved": "2022-12-02T18:54:51.872Z",
"dateUpdated": "2025-11-04T19:14:25.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-46377 (GCVE-0-2022-46377)
Vulnerability from nvd
Published
2023-05-10 15:23
Modified
2025-11-04 19:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-823 - Use of Out-of-range Pointer Offset
Summary
An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs when no IP address argument is provided to the `PORT` command.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Weston Embedded | uC-FTPs |
Version: v 1.98.00 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:14:24.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681"
},
{
"name": "https://github.com/weston-embedded/uC-FTPs/pull/2",
"tags": [
"x_transferred"
],
"url": "https://github.com/weston-embedded/uC-FTPs/pull/2"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1681"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46377",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T18:03:49.628124Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T18:03:56.545Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "uC-FTPs",
"vendor": "Weston Embedded",
"versions": [
{
"status": "affected",
"version": "v 1.98.00"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Kelly Leuschner of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs when no IP address argument is provided to the `PORT` command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-823",
"description": "CWE-823: Use of Out-of-range Pointer Offset",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T17:00:06.089Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681"
},
{
"name": "https://github.com/weston-embedded/uC-FTPs/pull/2",
"url": "https://github.com/weston-embedded/uC-FTPs/pull/2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2022-46377",
"datePublished": "2023-05-10T15:23:52.324Z",
"dateReserved": "2022-12-02T18:54:51.872Z",
"dateUpdated": "2025-11-04T19:14:24.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-46378 (GCVE-0-2022-46378)
Vulnerability from cvelistv5
Published
2023-05-10 15:23
Modified
2025-11-04 19:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-823 - Use of Out-of-range Pointer Offset
Summary
An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs when no port argument is provided to the `PORT` command.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Weston Embedded | uC-FTPs |
Version: v 1.98.00 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:14:25.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681"
},
{
"name": "https://github.com/weston-embedded/uC-FTPs/pull/2",
"tags": [
"x_transferred"
],
"url": "https://github.com/weston-embedded/uC-FTPs/pull/2"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1681"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46378",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T18:04:38.566449Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T18:05:04.158Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "uC-FTPs",
"vendor": "Weston Embedded",
"versions": [
{
"status": "affected",
"version": "v 1.98.00"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Kelly Leuschner of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs when no port argument is provided to the `PORT` command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-823",
"description": "CWE-823: Use of Out-of-range Pointer Offset",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T17:00:06.217Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681"
},
{
"name": "https://github.com/weston-embedded/uC-FTPs/pull/2",
"url": "https://github.com/weston-embedded/uC-FTPs/pull/2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2022-46378",
"datePublished": "2023-05-10T15:23:52.423Z",
"dateReserved": "2022-12-02T18:54:51.872Z",
"dateUpdated": "2025-11-04T19:14:25.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-46377 (GCVE-0-2022-46377)
Vulnerability from cvelistv5
Published
2023-05-10 15:23
Modified
2025-11-04 19:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-823 - Use of Out-of-range Pointer Offset
Summary
An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs when no IP address argument is provided to the `PORT` command.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Weston Embedded | uC-FTPs |
Version: v 1.98.00 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:14:24.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681"
},
{
"name": "https://github.com/weston-embedded/uC-FTPs/pull/2",
"tags": [
"x_transferred"
],
"url": "https://github.com/weston-embedded/uC-FTPs/pull/2"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1681"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46377",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T18:03:49.628124Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T18:03:56.545Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "uC-FTPs",
"vendor": "Weston Embedded",
"versions": [
{
"status": "affected",
"version": "v 1.98.00"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Kelly Leuschner of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs when no IP address argument is provided to the `PORT` command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-823",
"description": "CWE-823: Use of Out-of-range Pointer Offset",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T17:00:06.089Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681"
},
{
"name": "https://github.com/weston-embedded/uC-FTPs/pull/2",
"url": "https://github.com/weston-embedded/uC-FTPs/pull/2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2022-46377",
"datePublished": "2023-05-10T15:23:52.324Z",
"dateReserved": "2022-12-02T18:54:51.872Z",
"dateUpdated": "2025-11-04T19:14:24.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}