How severe is CVE-2024-11144?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-11144?

This is classified as CWE-362, which is a common weakness in software security.

CVE-2024-11144 - CRITICAL Severity | CVSS 7.5

Vulnerability Description

The server lacks thread safety and can be crashed by anomalous data sent by an anonymous user from a remote network. The crash causes the FTP service to become unavailable, affecting all users and processes that rely on it for file transfers. If the crash occurs during file upload or download, it could lead to incomplete file transfers, potentially corrupting data. The repeated crash might also affect the stability of the underlying system, especially if it leads to resource leaks or affects other services.

Related Vulnerabilities

CVE-2009-1837

HIGH

CVSS:7.5(High)

Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code...

CWE-3622009

CVE-2016-15036

HIGH

CVSS:7.5(High)

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race cond...

CWE-3622016

CVE-2016-20015

HIGH

CVSS:7.5(High)

In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the smokeping user to gain ownership of any file, allowing for the smokeping user to gain root privilege...

CWE-3622016

CVE-2016-2812

HIGH

CVSS:7.5(High)

Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a d...

CWE-3622016

CVE-2016-4309

HIGH

CVSS:7.5(High)

Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack web sessions via the PHPSESSID parameter.

CWE-3622016

CVE-2016-4954

HIGH

CVSS:7.5(High)

The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many sour...

CWE-3622016