VDB

GCVE-110-MAGEIA-2015-485

GCVE-110-MAGEIA-2015-485
Advisory Published
Vulnetix · Advisory published December 24, 2015
Updated proftpd packages fix security vulnerability: Part of the SFTP handshake involves "extensions", which are key/value pairs, comprised of strings. In SSH, strings are encoded for network transport as a 32-bit length, followed by the bytes. The mod_sftp module currently places no bounds/length limitations when reading these SFTP extension key/value data from the network. A malicious attacker might attempt to encode large values, and allocate more memory than is necessary, causing excessive resource usage or the FTP daemon to crash (proftpd#4210). This update also includes a fix for a crash in mod_lang (proftpd#4206).

Affected Products

VendorProductVersionsPlatforms
Mageiaproftpd0 (affected), 1.3.5-5.1.mga5 (unaffected)

Browse GCVE Records

73,443 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›