Heap-Based Buffer Overflow in ProFTPD mod_sftp Affects Authenticated Users
CVE-2026-53994
What is CVE-2026-53994?
The ProFTPD mod_sftp module contains a vulnerability that allows authenticated SFTP users to exploit a heap-based buffer overflow. This occurs during the processing of SFTP packets where the fxp_packet_read() function fails to perform minimum sanity checks on the length of attacker-supplied packets. An attacker can send a specifically crafted packet with a length of zero, triggering an unsigned integer underflow. Consequently, this results in a request for an oversized memory allocation, ultimately leading to a buffer overflow condition. The exploitation of this vulnerability allows authenticated users to crash the ProFTPD session or potentially cause heap metadata corruption, which could have broader implications beyond just a denial of service scenario.
Affected Version(s)
ProFTPD 0
