Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2023-22551
CVE-2023-22551:
NixOS vulnerability analysis and mitigation
Overview
The FTP project through version 96c1a35 contains a memory leak vulnerability (CVE-2023-22551) that allows remote attackers to cause a denial of service condition. The vulnerability was discovered and disclosed in January 2023 (NVD).
Technical details
The vulnerability exists in the serveclient function within serverftp.c where memory allocated via malloc is never freed. Specifically, the issue occurs at line 53 where 'struct packet data = (struct packet) malloc(size_packet)' allocates memory that is not subsequently deallocated. When analyzed with AddressSanitizer, the vulnerability shows a direct leak of 512 bytes in one object and 8 bytes in another object, totaling 520 bytes leaked per connection (GitHub Issue).
Impact
The vulnerability results in memory leaks that accumulate with each client connection, eventually leading to resource exhaustion and denial of service on the affected FTP server. This can cause the server to become unresponsive or crash, disrupting file transfer services (GitHub Issue).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management