Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ProFTPD mod_sql模块远程堆缓冲区溢出漏洞
Vulnerability Description
ProFTPD 是一款高可配置性的FTP服务程序,允许对每个目录进行限制访问。 当mod_sql启用时,ProFTPD 1.3.3d之前版本中的sql_prepare_where函数(又名contrib/mod_sql.c)中存在基于堆的缓冲区溢出漏洞。远程攻击者可以借助包含替代标签的特制用户名称(在SQL查询创建过程中没有得到正确处理),导致拒绝服务(崩溃)并可能执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A