make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HProftpd
APPProftpd< 1.3.8a
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Memory
CWE
Referencje
Powiązane podatności
CVE-2010-20103CRITICAL9.3PL ✓ten sam produkt
Backdoor w ProFTPD 1.3.3c umożliwiający zdalne wykonanie kodu jako root
CVE-2019-12815CRITICAL9.8ten sam produkt
An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and ...
CVE-2026-35025HIGH8.6ten sam produkt
ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability that allows authenticated...
CVE-2021-46854HIGH7.5ten sam produkt
mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 ...
CVE-2020-9273HIGH8.8ten sam produkt
In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This tr...