CVE-2023-51713

HIGH NUCLEI

ProFTPD < 1.3.8a - DoS via Out-of-Bounds Read

Title source: nuclei

Description

make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics.

Nuclei Templates (1)

ProFTPD < 1.3.8a - DoS via Out-of-Bounds Read

HIGHVERIFIEDby pussycat0x

Shodan: product:"proftpd" || cpe:"cpe:2.3:a:proftpd:proftpd"

References (4)

[Release Notes] https://github.com/proftpd/proftpd/blob/1.3.8/NEWS

View Writeup ZIP pw:eip

[Exploit, Issue Tracking, Patch, Vendor Advisory] https://github.com/proftpd/proftpd/issues/1683

[Exploit, Issue Tracking, Patch, Vendor Advisory] https://github.com/proftpd/proftpd/issues/1683#issuecomment-1712887554

[Mailing List] https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html

Scores

CVSS v3 7.5

EPSS 0.6530

EPSS Percentile 98.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-125

Status published

Products (1)

proftpd/proftpd < 1.3.8a

Published Dec 22, 2023

Tracked Since Feb 18, 2026