VDB
GCVE-110-MAGEIA-2015-485
GCVE-110-MAGEIA-2015-485
Advisory Published
Updated proftpd packages fix security vulnerability:
Part of the SFTP handshake involves "extensions", which are key/value pairs,
comprised of strings. In SSH, strings are encoded for network transport as a
32-bit length, followed by the bytes. The mod_sftp module currently places no
bounds/length limitations when reading these SFTP extension key/value data from
the network. A malicious attacker might attempt to encode large values, and
allocate more memory than is necessary, causing excessive resource usage or the
FTP daemon to crash (proftpd#4210).
This update also includes a fix for a crash in mod_lang (proftpd#4206).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | proftpd | 0 (affected), 1.3.5-5.1.mga5 (unaffected) | — |
References
Browse GCVE Records
73,443 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.