CVE-2015-5917

Name of the Vulnerable Software and Affected Versions tnftpd (formerly lukemftpd) versions prior to 10.11

Description The issue allows remote attackers to cause a denial of service, resulting in memory consumption and daemon outage, by sending a STAT command with a crafted pattern. This can be achieved by including multiple instances of the {..,..,..}/* substring in the command.

Recommendations For versions prior to 10.11, update to version 10.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the STAT command to minimize the risk of exploitation.