Integer Overflow Vulnerability in ProFTPD's mod_sftp Component
CVE-2013-4359
Currently unrated
What is CVE-2013-4359?
An integer overflow vulnerability exists in kbdint.c, part of the mod_sftp module, in ProFTPD versions 1.3.4d and 1.3.5r3. A remote attacker can trigger a denial of service by sending a large response count value in an authentication request. The oversized count leads to an oversized memory allocation, and the resulting excessive memory consumption can destabilize the server.
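The defensive pattern for this class of bug, shown as an added example that is not ProFTPD's code or its patch: bound the client-supplied response count before any size arithmetic or allocation. It assumes the RFC 4256 keyboard-interactive response layout (a uint32 count followed by length-prefixed strings); parse_responses, struct resp and the MAX_RESPONSES cap are hypothetical names chosen for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#define MAX_RESPONSES 500u /* assumed policy cap, not a ProFTPD constant */

struct resp { const unsigned char *data; uint32_t len; };

/* Read a big-endian uint32; the caller has verified 4 bytes are available. */
static uint32_t read_u32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Parse "uint32 count, then count x (uint32 len, bytes)" from buf.
 * Returns the number of responses parsed, or -1 if the message is rejected.
 * On success with count > 0, *out is a calloc'd array the caller must free. */
long parse_responses(const unsigned char *buf, size_t len, struct resp **out) {
    *out = NULL;
    if (len < 4) return -1;
    uint32_t count = read_u32(buf);
    buf += 4; len -= 4;

    /* Bound the count BEFORE any size arithmetic or allocation. */
    if (count > MAX_RESPONSES) return -1;
    /* Each response needs at least a 4-byte length prefix; dividing
     * instead of multiplying means this check itself cannot wrap. */
    if (count > len / 4) return -1;
    if (count == 0) return 0;

    /* calloc checks count * size for overflow internally. */
    struct resp *r = calloc(count, sizeof *r);
    if (r == NULL) return -1;

    for (uint32_t i = 0; i < count; i++) {
        if (len < 4) { free(r); return -1; }
        uint32_t n = read_u32(buf);
        buf += 4; len -= 4;
        if (n > len) { free(r); return -1; }  /* length exceeds what was sent */
        r[i].data = buf; r[i].len = n;
        buf += n; len -= n;
    }
    *out = r;
    return (long)count;
}
```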
