CVE-2023-51713
Published 2023-12-22
CVE-2023-51713: make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics.
Priority P348 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EXPLOIT
EPSS: 4.25% (89.8th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | proftpd-dfsg | < proftpd-dfsg 1.3.8+dfsg-4+deb12u3 (bookworm) | proftpd-dfsg 1.3.8+dfsg-4+deb12u3 (bookworm) |
| proftpd | proftpd | < 1.3.8a | 1.3.8a |
Detection & IOCs
- other: ProFTPD version < 1.3.8a
- bytes: 00000000 (hex, sent as TCP input to FTP port 21 to trigger crash)
- yara: regex: ProFTPD ([0-9.a-z]+)

- Banner-grab FTP port 21 and extract ProFTPD version string; flag any banner reporting a version below 1.3.8a as vulnerable.
- The vulnerability is triggered via mishandling of quote/backslash semantics in make_ftp_cmd (main.c); monitor for FTP commands containing unusual quote/backslash sequences that cause daemon crashes.
- Use Shodan queries 'product:proftpd' or 'cpe:cpe:2.3:a:proftpd:proftpd' to identify exposed vulnerable instances.
- A single TCP request of 4 null bytes (hex 00000000) to port 21 with a read-size of 1024 is sufficient to probe for the vulnerability and elicit the ProFTPD banner for version comparison.
- The Nuclei template targets the network/FTP attack surface with no authentication required (PR:N, UI:N); the matcher relies on passive version extraction from the banner, so it will not fire if the banner is suppressed or customised.
- Fixed package versions differ by distro: Debian bookworm requires 1.3.8+dfsg-4+deb12u3, bullseye requires 1.3.7a+dfsg-12+deb11u3, and forky/sid/trixie require 1.3.8.a+dfsg-1; version-based detection must account for these distro-specific patch backports.
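Added example (not part of the original page or of the Nuclei template): one way to turn the banner notes above into a triage check over already-collected FTP greeting lines, using the page's regex and the 1.3.8a threshold. The function names, the sample banners and the version ordering (rcN before the release, letter suffixes after it) are assumptions made for this sketch.

```python
import re

# Regex from the page's detection notes, applied to the FTP greeting line.
BANNER_RE = re.compile(r"ProFTPD ([0-9.a-z]+)")
# Assumed upstream version shape: X.Y.Z, optionally "rcN" or one maintenance letter.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:rc(\d+)|([a-z]))?$")
FIXED = "1.3.8a"  # first fixed upstream release, per the advisory


def version_key(version):
    """Sortable key: 1.3.8rc1 < 1.3.8 < 1.3.8a < 1.3.9rc1. None if unparseable."""
    m = VERSION_RE.match(version)
    if not m:
        return None
    major, minor, patch, rc, letter = m.groups()
    if rc is not None:
        stage = (0, int(rc))
    elif letter is None:
        stage = (1, 0)
    else:
        stage = (2, ord(letter) - ord("a") + 1)
    return (int(major), int(minor), int(patch)) + stage


def classify_banner(banner):
    """Return (status, version) for one FTP greeting line."""
    m = BANNER_RE.search(banner)
    key = version_key(m.group(1)) if m else None
    if key is None:
        # Suppressed or customised banner: the version matcher cannot decide.
        return ("unknown", None)
    if key < version_key(FIXED):
        # Distro backports keep an older upstream string, so confirm the package version.
        return ("flag-verify-package", m.group(1))
    return ("fixed-upstream", m.group(1))


# Constructed sample banners (not captured from real hosts).
SAMPLES = [
    "220 ProFTPD 1.3.8 Server (Debian) [192.0.2.10]",
    "220 ProFTPD 1.3.8a Server (ProFTPD) [192.0.2.11]",
    "220 ProFTPD 1.3.7a Server (Debian) [192.0.2.12]",
    "220 ProFTPD 1.3.9rc1 Server (test) [192.0.2.13]",
    "220 ProFTPD Server (ProFTPD Default Installation) [192.0.2.14]",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify_banner(line), "<-", line)
```

A "flag-verify-package" result on a Debian host still needs the installed proftpd-dfsg package version compared against the fixed versions listed for that release, since a patched 1.3.7a or 1.3.8 build reports the same upstream string.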
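CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_ubuntu | | 5.9 | MEDIUM | |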
Ubuntu
ProFTPD vulnerabilities
vendor_ubuntu·2025-02-25·CVSS 5.9
CVE-2023-48795 [MEDIUM] ProFTPD vulnerabilities
Title: ProFTPD vulnerabilities
Summary: Several security issues were fixed in proftpd-dfsg.
Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that the
transport protocol implementation in ProFTPD had weak integrity checks.
An attacker could use this vulnerability to bypass security features
like encryption and integrity checks. (CVE-2023-48795)
Martin Mirchev discovered that ProFTPD did not properly validate user
input over the network. An attacker could use this vulnerability to
crash ProFTPD or execute arbitrary code. (CVE-2023-51713)
Brian Ristuccia discovered that ProFTPD incorrectly inherited groups
from the parent process. An attacker could use this vulnerability to
elevate privileges. (CVE-2024-48651)
Instructions: In general, a standard system update will make all t
Debian
CVE-2023-51713: proftpd-dfsg - make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds rea...
vendor_debian·2023·CVSS 7.5
CVE-2023-51713 [HIGH] CVE-2023-51713: proftpd-dfsg - make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds rea...
make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics.
Scope: local
bookworm: resolved (fixed in 1.3.8+dfsg-4+deb12u3)
bullseye: resolved (fixed in 1.3.7a+dfsg-12+deb11u3)
forky: resolved (fixed in 1.3.8.a+dfsg-1)
sid: resolved (fixed in 1.3.8.a+dfsg-1)
trixie: resolved (fixed in 1.3.8.a+dfsg-1)
OSV
ProFTPD vulnerabilities
osv·2025-02-25·CVSS 5.9
CVE-2023-48795 [MEDIUM] ProFTPD vulnerabilities
ProFTPD vulnerabilities
Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that the
transport protocol implementation in ProFTPD had weak integrity checks.
An attacker could use this vulnerability to bypass security features
like encryption and integrity checks. (CVE-2023-48795)
Martin Mirchev discovered that ProFTPD did not properly validate user
input over the network. An attacker could use this vulnerability to
crash ProFTPD or execute arbitrary code. (CVE-2023-51713)
Brian Ristuccia discovered that ProFTPD incorrectly inherited groups
from the parent process. An attacker could use this vulnerability to
elevate privileges. (CVE-2024-48651)
GHSA
GHSA-6959-h9pv-vhf9: make_ftp_cmd in main
ghsa_unreviewed·2023-12-22
CVE-2023-51713 [HIGH] CWE-125 GHSA-6959-h9pv-vhf9: make_ftp_cmd in main
make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics.
OSV
CVE-2023-51713: make_ftp_cmd in main
osv·2023-12-22·CVSS 7.5
CVE-2023-51713 [HIGH] CVE-2023-51713: make_ftp_cmd in main
make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics.
No detection rules found.
Nuclei
ProFTPD < 1.3.8a - DoS via Out-of-Bounds Read
nuclei·CVSS 7.5
CVE-2023-51713 [HIGH] ProFTPD < 1.3.8a - DoS via Out-of-Bounds Read
ProFTPD < 1.3.8a - DoS via Out-of-Bounds Read
ProFTPD versions before 1.3.8a contain a one-byte out-of-bounds read vulnerability in the make_ftp_cmd function within main.c. This vulnerability can lead to a daemon crash, causing denial of service.
Template:
id: CVE-2023-51713
info:
  name: ProFTPD < 1.3.8a - DoS via Out-of-Bounds Read
  author: pussycat0x
  severity: high
  description: |
    ProFTPD versions before 1.3.8a contain a one-byte out-of-bounds read vulnerability in the make_ftp_cmd function within main.c. This vulnerability can lead to a daemon crash, causing denial of service.
  impact: |
    Attackers can crash the ProFTPD daemon by triggering an out-of-bounds read in the make_ftp_cmd function, causing service disruption and denying legitimate users access to FTP services.
  remediation: |
    Up
https://github.com/proftpd/proftpd/blob/1.3.8/NEWS
https://github.com/proftpd/proftpd/issues/1683
https://github.com/proftpd/proftpd/issues/1683#issuecomment-1712887554
https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html
Published: 2023-12-22