CVE-2011-0762

NameCVE-2011-0762
DescriptionThe vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-2305-1
Debian Bugs622741

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
vsftpd (PTS)jessie3.0.2-17+deb8u1fixed
stretch3.0.3-8fixed
buster, bullseye3.0.3-12fixed
bookworm3.0.3-13fixed
sid, trixie3.0.3-13.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
vsftpdsourcelenny2.0.7-1+lenny1
vsftpdsourcesqueeze2.3.2-3+squeeze2
vsftpdsource(unstable)2.3.4-1622741
Search for package or bug name: Reporting problems