CVE-2023-51713

HIGH NUCLEI

ProFTPD < 1.3.8a - DoS via Out-of-Bounds Read

Title source: nuclei

Exploitation Summary

CVE-2023-51713 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.

Description

make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics.

Nuclei Templates (1)

ProFTPD < 1.3.8a - DoS via Out-of-Bounds Read

HIGHVERIFIEDby pussycat0x

Shodan: product:"proftpd" || cpe:"cpe:2.3:a:proftpd:proftpd"

References (4)

Core 4

Core References

Release Notes

https://github.com/proftpd/proftpd/blob/1.3.8/NEWS

View Writeup ZIP pw:eip

Exploit, Issue Tracking, Patch, Vendor Advisory

https://github.com/proftpd/proftpd/issues/1683

Exploit, Issue Tracking, Patch, Vendor Advisory

https://github.com/proftpd/proftpd/issues/1683#issuecomment-1712887554

Mailing List

https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html

Scores

CVSS v3 7.5

EPSS 0.0425

EPSS Percentile 89.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-125

Status published

Products (1)

proftpd/proftpd < 1.3.8a

Published Dec 22, 2023

Tracked Since Feb 18, 2026