CVE-2011-0418 [Medium] | Input Validation Bypass in Pure-Ftpd

CVE-2011-0418 is rated Exploit Available (58.7/100): CVSS Medium severity, with high exploitation likelihood (EPSS 7.26%, 94th percentile). 3 public exploit reference(s) are indexed (Exploit-DB). Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

EDB-ID	Source	Kind	Published	Link
24450	exploit_db	edb	2013-02-05	Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗

EDB-ID

Source

Kind

Published

Link

24450

exploit_db

edb

2013-02-05

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	12.28%	7.26%	-5.03%
2	2026-04-09	13.78%	12.28%	-1.50%
3	2026-01-31	—	13.78%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

12.28%

7.26%

-5.03%

2026-04-09

13.78%

12.28%

-1.50%

2026-01-31

—

13.78%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
4.0	2.0	MEDIUM	`AV:N/AC:L/Au:S/C:N/I:N/A:P` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:S) A single authentication is required. Confidentiality impact (C:N) No confidentiality impact. Integrity impact (I:N) No integrity impact. Availability impact (A:P) Partial availability impact.	8.0	2.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

4.0

2.0

MEDIUM

AV:N/AC:L/Au:S/C:N/I:N/A:P Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:S): A single authentication is required.
Confidentiality impact (C:N): No confidentiality impact.
Integrity impact (I:N): No integrity impact.
Availability impact (A:P): Partial availability impact.

8.0

2.9

[email protected]

OS Trackers for CVE-2011-0418

vendor	priority	summary	link
`debian`	unimportant	CVE-2011-0418 unimportant priority: Debian including 1 source packages (pure-ftpd), 4 status rows across 4 suites (bookworm, bullseye, sid, trixie): resolved 4.	https://security-tracker.debian.org/tracker/CVE-2011-0418
`gentoo`	normal	CVE-2011-0418: 1 GLSA(s) (201110-25), 1 atom(s) (net-ftp/pure-ftpd); latest impact normal.	https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2011-0418
`ubuntu`	medium	CVE-2011-0418 medium priority: Ubuntu including 1 source packages (pure-ftpd), 11 status rows across 11 suites (dapper, hardy, lucid, maverick, natty, oneiric, precise, quantal, raring, saucy, upstream): ignored 5, not-affected 5, released 1.	https://ubuntu.com/security/CVE-2011-0418

Affected software / configurations for CVE-2011-0418

Vendor	Product	Version	Raw CPE
pureftpd	pure-ftpd	<= 1.0.31	cpe:2.3:a:pureftpd:pure-ftpd::::::::
pureftpd	pure-ftpd	0.90	cpe:2.3:a:pureftpd:pure-ftpd:0.90:::::::*
pureftpd	pure-ftpd	0.91	cpe:2.3:a:pureftpd:pure-ftpd:0.91:::::::*
pureftpd	pure-ftpd	0.92	cpe:2.3:a:pureftpd:pure-ftpd:0.92:::::::*
pureftpd	pure-ftpd	0.93	cpe:2.3:a:pureftpd:pure-ftpd:0.93:::::::*
pureftpd	pure-ftpd	0.94	cpe:2.3:a:pureftpd:pure-ftpd:0.94:::::::*
pureftpd	pure-ftpd	0.95	cpe:2.3:a:pureftpd:pure-ftpd:0.95:::::::*
pureftpd	pure-ftpd	0.95-pre1	cpe:2.3:a:pureftpd:pure-ftpd:0.95-pre1:::::::*
pureftpd	pure-ftpd	0.95-pre2	cpe:2.3:a:pureftpd:pure-ftpd:0.95-pre2:::::::*
pureftpd	pure-ftpd	0.95-pre3	cpe:2.3:a:pureftpd:pure-ftpd:0.95-pre3:::::::*
pureftpd	pure-ftpd	0.95-pre4	cpe:2.3:a:pureftpd:pure-ftpd:0.95-pre4:::::::*
pureftpd	pure-ftpd	0.95.1	cpe:2.3:a:pureftpd:pure-ftpd:0.95.1:::::::*
pureftpd	pure-ftpd	0.95.2	cpe:2.3:a:pureftpd:pure-ftpd:0.95.2:::::::*
pureftpd	pure-ftpd	0.96	cpe:2.3:a:pureftpd:pure-ftpd:0.96:::::::*
pureftpd	pure-ftpd	0.96.1	cpe:2.3:a:pureftpd:pure-ftpd:0.96.1:::::::*
pureftpd	pure-ftpd	0.96pre1	cpe:2.3:a:pureftpd:pure-ftpd:0.96pre1:::::::*
pureftpd	pure-ftpd	0.97-final	cpe:2.3:a:pureftpd:pure-ftpd:0.97-final:::::::*
pureftpd	pure-ftpd	0.97.1	cpe:2.3:a:pureftpd:pure-ftpd:0.97.1:::::::*
pureftpd	pure-ftpd	0.97.2	cpe:2.3:a:pureftpd:pure-ftpd:0.97.2:::::::*
pureftpd	pure-ftpd	0.97.3	cpe:2.3:a:pureftpd:pure-ftpd:0.97.3:::::::*
pureftpd	pure-ftpd	0.97.4	cpe:2.3:a:pureftpd:pure-ftpd:0.97.4:::::::*
pureftpd	pure-ftpd	0.97.5	cpe:2.3:a:pureftpd:pure-ftpd:0.97.5:::::::*
pureftpd	pure-ftpd	0.97.6	cpe:2.3:a:pureftpd:pure-ftpd:0.97.6:::::::*
pureftpd	pure-ftpd	0.97.7	cpe:2.3:a:pureftpd:pure-ftpd:0.97.7:::::::*
pureftpd	pure-ftpd	0.97.7pre1	cpe:2.3:a:pureftpd:pure-ftpd:0.97.7pre1:::::::*
pureftpd	pure-ftpd	0.97.7pre2	cpe:2.3:a:pureftpd:pure-ftpd:0.97.7pre2:::::::*
pureftpd	pure-ftpd	0.97.7pre3	cpe:2.3:a:pureftpd:pure-ftpd:0.97.7pre3:::::::*
pureftpd	pure-ftpd	0.97pre1	cpe:2.3:a:pureftpd:pure-ftpd:0.97pre1:::::::*
pureftpd	pure-ftpd	0.97pre2	cpe:2.3:a:pureftpd:pure-ftpd:0.97pre2:::::::*
pureftpd	pure-ftpd	0.97pre3	cpe:2.3:a:pureftpd:pure-ftpd:0.97pre3:::::::*
pureftpd	pure-ftpd	0.97pre4	cpe:2.3:a:pureftpd:pure-ftpd:0.97pre4:::::::*
pureftpd	pure-ftpd	0.97pre5	cpe:2.3:a:pureftpd:pure-ftpd:0.97pre5:::::::*
pureftpd	pure-ftpd	0.98-final	cpe:2.3:a:pureftpd:pure-ftpd:0.98-final:::::::*
pureftpd	pure-ftpd	0.98.1	cpe:2.3:a:pureftpd:pure-ftpd:0.98.1:::::::*
pureftpd	pure-ftpd	0.98.2	cpe:2.3:a:pureftpd:pure-ftpd:0.98.2:::::::*
pureftpd	pure-ftpd	0.98.2a	cpe:2.3:a:pureftpd:pure-ftpd:0.98.2a:::::::*
pureftpd	pure-ftpd	0.98.3	cpe:2.3:a:pureftpd:pure-ftpd:0.98.3:::::::*
pureftpd	pure-ftpd	0.98.4	cpe:2.3:a:pureftpd:pure-ftpd:0.98.4:::::::*
pureftpd	pure-ftpd	0.98.5	cpe:2.3:a:pureftpd:pure-ftpd:0.98.5:::::::*
pureftpd	pure-ftpd	0.98.6	cpe:2.3:a:pureftpd:pure-ftpd:0.98.6:::::::*
pureftpd	pure-ftpd	0.98.7	cpe:2.3:a:pureftpd:pure-ftpd:0.98.7:::::::*
pureftpd	pure-ftpd	0.98pre1	cpe:2.3:a:pureftpd:pure-ftpd:0.98pre1:::::::*
pureftpd	pure-ftpd	0.98pre2	cpe:2.3:a:pureftpd:pure-ftpd:0.98pre2:::::::*
pureftpd	pure-ftpd	0.99	cpe:2.3:a:pureftpd:pure-ftpd:0.99:::::::*
pureftpd	pure-ftpd	0.99.1	cpe:2.3:a:pureftpd:pure-ftpd:0.99.1:::::::*
pureftpd	pure-ftpd	0.99.1a	cpe:2.3:a:pureftpd:pure-ftpd:0.99.1a:::::::*
pureftpd	pure-ftpd	0.99.1b	cpe:2.3:a:pureftpd:pure-ftpd:0.99.1b:::::::*
pureftpd	pure-ftpd	0.99.2	cpe:2.3:a:pureftpd:pure-ftpd:0.99.2:::::::*
pureftpd	pure-ftpd	0.99.2a	cpe:2.3:a:pureftpd:pure-ftpd:0.99.2a:::::::*
pureftpd	pure-ftpd	0.99.3	cpe:2.3:a:pureftpd:pure-ftpd:0.99.3:::::::*
pureftpd	pure-ftpd	0.99.4	cpe:2.3:a:pureftpd:pure-ftpd:0.99.4:::::::*
pureftpd	pure-ftpd	0.99.9	cpe:2.3:a:pureftpd:pure-ftpd:0.99.9:::::::*
pureftpd	pure-ftpd	0.99a	cpe:2.3:a:pureftpd:pure-ftpd:0.99a:::::::*
pureftpd	pure-ftpd	0.99b	cpe:2.3:a:pureftpd:pure-ftpd:0.99b:::::::*
pureftpd	pure-ftpd	0.99pre1	cpe:2.3:a:pureftpd:pure-ftpd:0.99pre1:::::::*
pureftpd	pure-ftpd	0.99pre2	cpe:2.3:a:pureftpd:pure-ftpd:0.99pre2:::::::*
pureftpd	pure-ftpd	1.0.0	cpe:2.3:a:pureftpd:pure-ftpd:1.0.0:::::::*
pureftpd	pure-ftpd	1.0.1	cpe:2.3:a:pureftpd:pure-ftpd:1.0.1:::::::*
pureftpd	pure-ftpd	1.0.2	cpe:2.3:a:pureftpd:pure-ftpd:1.0.2:::::::*
pureftpd	pure-ftpd	1.0.3	cpe:2.3:a:pureftpd:pure-ftpd:1.0.3:::::::*
pureftpd	pure-ftpd	1.0.4	cpe:2.3:a:pureftpd:pure-ftpd:1.0.4:::::::*
pureftpd	pure-ftpd	1.0.5	cpe:2.3:a:pureftpd:pure-ftpd:1.0.5:::::::*
pureftpd	pure-ftpd	1.0.6	cpe:2.3:a:pureftpd:pure-ftpd:1.0.6:::::::*
pureftpd	pure-ftpd	1.0.7	cpe:2.3:a:pureftpd:pure-ftpd:1.0.7:::::::*
pureftpd	pure-ftpd	1.0.8	cpe:2.3:a:pureftpd:pure-ftpd:1.0.8:::::::*
pureftpd	pure-ftpd	1.0.9	cpe:2.3:a:pureftpd:pure-ftpd:1.0.9:::::::*
pureftpd	pure-ftpd	1.0.10	cpe:2.3:a:pureftpd:pure-ftpd:1.0.10:::::::*
pureftpd	pure-ftpd	1.0.11	cpe:2.3:a:pureftpd:pure-ftpd:1.0.11:::::::*
pureftpd	pure-ftpd	1.0.12	cpe:2.3:a:pureftpd:pure-ftpd:1.0.12:::::::*
pureftpd	pure-ftpd	1.0.13a	cpe:2.3:a:pureftpd:pure-ftpd:1.0.13a:::::::*
pureftpd	pure-ftpd	1.0.14	cpe:2.3:a:pureftpd:pure-ftpd:1.0.14:::::::*
pureftpd	pure-ftpd	1.0.15	cpe:2.3:a:pureftpd:pure-ftpd:1.0.15:::::::*
pureftpd	pure-ftpd	1.0.16a	cpe:2.3:a:pureftpd:pure-ftpd:1.0.16a:::::::*
pureftpd	pure-ftpd	1.0.16b	cpe:2.3:a:pureftpd:pure-ftpd:1.0.16b:::::::*
pureftpd	pure-ftpd	1.0.16c	cpe:2.3:a:pureftpd:pure-ftpd:1.0.16c:::::::*
pureftpd	pure-ftpd	1.0.17	cpe:2.3:a:pureftpd:pure-ftpd:1.0.17:::::::*
pureftpd	pure-ftpd	1.0.17a	cpe:2.3:a:pureftpd:pure-ftpd:1.0.17a:::::::*
pureftpd	pure-ftpd	1.0.18	cpe:2.3:a:pureftpd:pure-ftpd:1.0.18:::::::*
pureftpd	pure-ftpd	1.0.19	cpe:2.3:a:pureftpd:pure-ftpd:1.0.19:::::::*
pureftpd	pure-ftpd	1.0.20	cpe:2.3:a:pureftpd:pure-ftpd:1.0.20:::::::*

References for CVE-2011-0418

URL	Tags
http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c#rev1.28	Patch
http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c.diff?r1=1.27&r2=1.28&f=h	Patch
http://securityreason.com/achievement_securityalert/97	Exploit
http://securityreason.com/securityalert/8228
http://www.mandriva.com/security/advisories?name=MDVSA-2011:094
http://www.pureftpd.org/project/pure-ftpd/news
http://www.securityfocus.com/bid/47671	Exploit
http://www.vupen.com/english/advisories/2011/1273	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=704283

URL

CVE-2011-0418

Public exploit references (Exploit-DB) for CVE-2011-0418

Exploit prediction scoring system (EPSS) score for CVE-2011-0418

Common vulnerability scoring system (CVSS) metrics for CVE-2011-0418

Weakness enumeration for CVE-2011-0418

OS Trackers for CVE-2011-0418

Affected software / configurations for CVE-2011-0418

References for CVE-2011-0418