Description
A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence.
References (14)
Scores
CVSS v3
6.5
EPSS
0.0014
EPSS Percentile
34.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-190
Status
published
Products (18)
Red Hat/Red Hat Enterprise Linux 10
0:3.0.5-10.el10_1.1
Red Hat/Red Hat Enterprise Linux 10.0 Extended Update Support
0:3.0.5-9.el10_0.1
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
0:3.0.3-36.el8_10.3
Red Hat/Red Hat Enterprise Linux 8.2 Advanced Update Support
0:3.0.3-31.el8_2.1
Red Hat/Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
0:3.0.3-33.el8_4.1
Red Hat/Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
0:3.0.3-33.el8_4.1
Red Hat/Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
0:3.0.3-35.el8_6.1
Red Hat/Red Hat Enterprise Linux 8.6 Telecommunications Update Service
0:3.0.3-35.el8_6.1
... and 8 more
Published
Jan 14, 2026
Tracked Since
Feb 18, 2026