CVE-2011-0762
vsftpd - denial of service
EPSS 23.9%
Description
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.
How to fix CVE-2011-0762
To remediate CVE-2011-0762, upgrade the affected package to one of the fixed versions listed below.
- Debian/vsftpd: upgrade to 2.3.4-1 or later
- Debian/vsftpd: upgrade to 2.3.2-3+squeeze2 or later
Is CVE-2011-0762 being exploited?
Moderate — EPSS is 23.9%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- Debian/vsftpd: from 0, < 2.3.4-1
- Debian/vsftpd: from 0, < 2.3.2-3+squeeze2