CVE-2010-4652
EPSS 5.5%Published: 2/2/2011Modified: 4/28/2026
Description
Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query.
Affected packages (1)
- Debian/proftpd-dfsgfrom 0, < 1.3.3a-6