CVE-2008-4572

Name of the Vulnerable Software and Affected Versions GuildFTPd version 0.999.14

Description The issue allows remote attackers to cause a denial of service, potentially leading to a crash, and possibly execute arbitrary code. This is achieved by sending long arguments to the CWD and LIST commands, which triggers heap corruption due to an improper free call. The corruption may also lead to a heap-based buffer overflow.

Recommendations For GuildFTPd version 0.999.14, consider restricting access to the CWD and LIST commands until a fix is available. As a temporary workaround, limiting the length of arguments to these commands may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.