CVE-2024-48208: 
Pure-FTPd vulnerability analysis and mitigation

Pure-FTPd versions before 1.0.52 contain a buffer overflow vulnerability identified as CVE-2024-48208. The vulnerability specifically involves an out-of-bounds read in the domlsd() function of the ls.c file. This security issue was discovered and disclosed in October 2024 (NVD).

The vulnerability stems from improper bounds checking in the domlsd() function within the ls.c file. The issue occurs when the base pointer is not properly checked before incrementing, potentially allowing it to cross the cmd buffer boundaries, resulting in out-of-bounds read errors. The vulnerability has been assigned a CVSS 3.1 Base Score of 8.6 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H (NVD).

The vulnerability can lead to buffer overflow conditions, potentially allowing attackers to cause denial of service or execute arbitrary code. The CVSS scoring indicates that the vulnerability can result in low confidentiality and integrity impact, but high availability impact (NVD).

The vulnerability has been fixed in Pure-FTPd version 1.0.52. Users are advised to upgrade to this version or later to address the security issue. The fix involves proper boundary checking in the domlsd() function (NVD, Debian Tracker).