CVE-2010-4652
EPSS 5.5%發布日:2011/2/2修改日:2026/4/28
描述
Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query.
受影響套件(1)
- Debian/proftpd-dfsgfrom 0, < 1.3.3a-6