SurgeFTP 2.2m1 allows remote malicious users to cause a denial of service (application hang) via the LEAK command.
netwin surgeftp 2.2m1
netwin surgeftp 2.2k3