{"id":"CVE-2019-20176","details":"In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c.","modified":"2026-04-16T04:33:17.518211728Z","published":"2019-12-31T15:15:11.223Z","related":["openSUSE-SU-2024:11773-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AHZG5FPCRMCB6Z3L7FPICC6BZ5ZATFTO/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PICL3U2J4EPGBLOE555Y5RAZTQL3WBBV/"},{"type":"FIX","url":"https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jedisct1/pure-ftpd","events":[{"introduced":"0"},{"last_affected":"c21b45fc752039bceed8c8d4a1b8b9818a2fde20"},{"fixed":"aea56f4bcb9948d456f3fae4d044fd3fa2e19706"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.0.49"}]}}],"versions":["1.0.33","1.0.34","1.0.35","1.0.36","1.0.37","1.0.38","1.0.39","1.0.40","1.0.41","1.0.43","1.0.44","1.0.45","1.0.48","1.0.49"],"database_specific":{"vanir_signatures":[{"target":{"file":"src/ls.c"},"source":"https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706","signature_version":"v1","deprecated":false,"digest":{"line_hashes":["56445503046048394930460835168778733056","246405011480971568070211572262472919841","200412280742133149971641851506952845514","217944701692212553692763553707573105035","141489857341975874314917875217168091459","198737676652004034545438463689209181914","229404802347628598257585161679978625760","50171571296122931671985020404489725890","236852844768462659869856831426197593274","294136189931050001679159128676571279991","56029665179969632367734316365735055607","114784156564473469196101398068334715954","81371649570701425827271975410232115167","149792289911419395287061867004506234853","19270337055842385990470226442549447670","219803556575202816943100725653408716352","260528986579099520244532034040127847635","232905841969039681077691266846252072915","324445403454670848493801271911105018058","210940678765301106421924729221037700983","330577138534351162550467911665062544641","269822259840748273419484544635821532134","139218607653622710718688920222346559506","18379336389158258458791795342757866238","84928474189943885522301630519396609899"],"threshold":0.9},"id":"CVE-2019-20176-d43f31eb","signature_type":"Line"}],"vanir_signatures_modified":"2026-04-11T09:39:51Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-20176.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"30"}]},{"events":[{"introduced":"0"},{"last_affected":"31"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}