CVE-2025-14242
MEDIUMRed Hat Enterprise Linux vsftpd - Denial of Service via Integer Overflow in STAT Command Parameter Parsing
Title source: llmDescription
A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence.
References (14)
Core 14
Core References
Issue Tracking issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2419826
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:0605
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:0606
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:0608
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:4470
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:4477
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:4513
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:4522
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:4525
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:4543
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:4550
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:4553
https://access.redhat.com/errata/RHSA-2026:4553
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:4554
https://access.redhat.com/errata/RHSA-2026:4554
Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2025-14242
Scores
CVSS v3
6.5
EPSS
0.0074
EPSS Percentile
49.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-190
Status
published
Products (18)
Red Hat/Red Hat Enterprise Linux 10
0:3.0.5-10.el10_1.1
Red Hat/Red Hat Enterprise Linux 10.0 Extended Update Support
0:3.0.5-9.el10_0.1
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
0:3.0.3-36.el8_10.3
Red Hat/Red Hat Enterprise Linux 8.2 Advanced Update Support
0:3.0.3-31.el8_2.1
Red Hat/Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
0:3.0.3-33.el8_4.1
Red Hat/Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
0:3.0.3-33.el8_4.1
Red Hat/Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
0:3.0.3-35.el8_6.1
Red Hat/Red Hat Enterprise Linux 8.6 Telecommunications Update Service
0:3.0.3-35.el8_6.1
... and 8 more
Published
Jan 14, 2026
Tracked Since
Feb 18, 2026