CVE-2023-2990

CVSS V2 None CVSS V3 None

Description

Fortra Globalscape EFT versions before 8.1.0.16 suffer from a denial of service vulnerability, where a compressed message that decompresses to itself can cause infinite recursion and crash the service

Overview

CVE ID
CVE-2023-2990

Assigner
rapid7

Vulnerability Status
PUBLISHED

Published Version
2023-06-22T19:17:28.531Z

Last Modified Date
2023-06-22T19:17:28.531Z

Weakness Enumerations

CWE	URL
CWE-400	http://cwe.mitre.org/data/definitions/400.html

References

Reference URL	Reference Tags
https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed/
https://kb.globalscape.com/Knowledgebase/11588/Is-EFT-susceptible-to-the-Denial-of-service-via-recursive-Deflate-Stream-vulnerability

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-2990
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2990

History

Created	Old Value	New Value	Data Type	Notes
2024-06-24 21:52:06				Added to TrackCVE