Published: 30/09/2013 Updated: 31/12/2016
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote malicious users to cause a denial of service (memory consumption) via a large response count value in an authentication request, which triggers a large memory allocation.

Affected Products

Vendor | Product | Versions
Proftpd | Proftpd | 1.3.4, 1.3.5

Vendor Advisories

Debian Bug report logs - #723179
proftpd-dfsg: CVE-2013-4359
Package: proftpd-dfsg; Maintainer for proftpd-dfsg is ProFTPD Maintainance Team <pkg-proftpd-maintainers@alioth-lists.debian.net>; Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 17 Sep 2013 06:03:02 UTC
Severity: grave
Tags: patch, securit ...