| عنوان | bftpd Project bftpd FTP Server 6.2 Heap-based Buffer Overflow |
|---|
| الوصف | A heap buffer overflow vulnerability exists in bftpd ≤ 6.2 within the `expand_groups()` function (options.c). The function appends a comma to a buffer allocated via `strdup()`, causing a 2-byte heap overflow. The issue can be triggered during processing of user commands when group definitions are parsed from a crafted configuration file, leading to process crash and potential code execution. |
|---|
| المصدر | ⚠️ https://shimo.im/docs/rp3OMVMZZXc9lvkm/ |
|---|
| المستخدم | zh_vul (UID 91488) |
|---|
| ارسال | 11/10/2025 05:20 AM (8 أشهر منذ) |
|---|
| الاعتدال | 19/10/2025 05:06 AM (8 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 329027 [bftpd حتى 6.2 Configuration File options.c expand_groups تلف الذاكرة] |
|---|
| النقاط | 20 |
|---|