Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2011-02-01 17:00
Updated : 2011-03-17 19:56
NVD link : CVE-2010-4652
Mitre link : CVE-2010-4652
JSON object : View
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Products Affected
proftpd
- proftpd