| Title | bftpd Project bftpd FTP Server 6.2 Heap-based Buffer Overflow |
|---|---|
| Description | A heap buffer overflow vulnerability exists in bftpd ≤ 6.2 within the `expand_groups()` function (options.c). The function appends a comma to a buffer allocated via `strdup()`, causing a 2-byte heap overflow. The issue can be triggered during processing of user commands when group definitions are parsed from a crafted configuration file, leading to process crash and potential code execution. |
| Source | https://shimo.im/docs/rp3OMVMZZXc9lvkm/ |
| User | zh_vul (UID 91488) |
| Submission | 2025-10-11 05:20 AM (8 months ago) |
| Moderation | 2025-10-19 05:06 AM (8 days later) |
| Status | Accepted |
| VulDB entry | 329027 [bftpd up to 6.2 Configuration File options.c expand_groups memory corruption] |
| Points | 20 |