HIGH🇵🇱 Wersja polska

CVE-2023-51713

CVSS 7.5v3.1pub. 2023-12-22upd. 2025-11-03

make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Proftpd

    APP
    Proftpd
    < 1.3.8a
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2010-20103CRITICAL9.3PL ✓ten sam produkt

Backdoor w ProFTPD 1.3.3c umożliwiający zdalne wykonanie kodu jako root

CVE-2019-12815CRITICAL9.8ten sam produkt

An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and ...

CVE-2026-35025HIGH8.6ten sam produkt

ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability that allows authenticated...

CVE-2021-46854HIGH7.5ten sam produkt

mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 ...

CVE-2020-9273HIGH8.8ten sam produkt

In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This tr...