CVE-2011-1137
published 2011-03-11

Priority: P3 (38)
CVSS 2.0: 5 (medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 28.07% (97.9th percentile)
Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.

Affected

24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | proftpd-dfsg | < proftpd-dfsg 1.3.3d-4 (bookworm) | proftpd-dfsg 1.3.3d-4 (bookworm) |
| linux | linux_kernel | >= 2.6.16 < 4.14.323 | 4.14.323 |
| linux | linux_kernel | >= 4.15.0 < 4.19.292 | 4.19.292 |
| linux | linux_kernel | >= 4.20.0 < 5.4.254 | 5.4.254 |
| linux | linux_kernel | >= 5.11.0 < 5.15.127 | 5.15.127 |
| linux | linux_kernel | >= 5.16.0 < 6.1.46 | 6.1.46 |
| linux | linux_kernel | >= 5.5.0 < 5.10.191 | 5.10.191 |
| linux | linux_kernel | >= 6.2.0 < 6.4.11 | 6.4.11 |
| proftpd | proftpd | <= 1.3.3 | |
| proftpd | proftpd | | |
| proftpd | proftpd | | |
| proftpd | proftpd | | |
| proftpd | proftpd | | |
| proftpd | proftpd | | |
| proftpd | proftpd | | |
| proftpd | proftpd | | |
| proftpd | proftpd | | |
| proftpd | proftpd | | |
| proftpd | proftpd | | |
| proftpd | proftpd | | |
| proftpd | proftpd | | |
| proftpd | proftpd | | |
| proftpd | proftpd | | |
| proftpd | proftpd | | |

CVSS provenance

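| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 5.0 | MEDIUM | |
| vendor_redhat | | 5.5 | LOW | |
| vendor_debian | | 5.0 | MEDIUM | |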