PT-2015-7946 · Proftpd · Proftpd

Published 2015-12-24 · Updated 2015-12-24

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions

proftpd (affected versions not specified)

Description

The issue is in the mod_sftp module of proftpd, which applies no bounds or length limits when reading SFTP extension key/value data from the network. SSH encodes strings for network transport as a 32-bit length followed by that many bytes, so by encoding large values a malicious attacker can potentially cause excessive resource usage or crash the FTP daemon.

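
The missing check, sketched as an added example (this is not ProFTPD's code or its patch): a reader for length-prefixed SSH strings that rejects an oversized or truncated key/value field before anything is allocated or copied. The cap `MAX_EXT_FIELD`, the `max_pairs` limit, the function names and the sample buffers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_EXT_FIELD 1024u /* assumed per-field cap, not a ProFTPD setting */

/* Constructed samples: one valid pair, and a field claiming 0xFFFFFFFF bytes. */
static const uint8_t sample_ok[] = {0,0,0,3,'a','@','b', 0,0,0,1,'1'};
static const uint8_t sample_huge[] = {0xFF,0xFF,0xFF,0xFF,'x'};

/* Read one SSH string: uint32 big-endian length, then that many bytes.
 * Returns 0 on success, -1 if the field is truncated or over the cap. */
static int read_ssh_string(const uint8_t **p, size_t *left,
                           const uint8_t **out, uint32_t *out_len) {
    if (*left < 4) return -1;
    uint32_t n = ((uint32_t)(*p)[0] << 24) | ((uint32_t)(*p)[1] << 16) |
                 ((uint32_t)(*p)[2] << 8) | (uint32_t)(*p)[3];
    *p += 4; *left -= 4;
    if (n > MAX_EXT_FIELD) return -1; /* attacker-chosen length: check first */
    if (n > *left) return -1;         /* claims more than was received */
    *out = *p; *out_len = n;
    *p += n; *left -= n;
    return 0;
}

/* Walk key/value pairs until the buffer is consumed.
 * Returns the pair count, or -1 on any malformed or oversized field. */
int parse_extensions(const uint8_t *buf, size_t len, unsigned max_pairs) {
    unsigned count = 0;
    while (len > 0) {
        const uint8_t *k, *v; uint32_t klen, vlen;
        if (count == max_pairs) return -1; /* bound the number of pairs too */
        if (read_ssh_string(&buf, &len, &k, &klen) < 0) return -1;
        if (read_ssh_string(&buf, &len, &v, &vlen) < 0) return -1;
        (void)k; (void)v; (void)klen; (void)vlen; /* a server would use these */
        count++;
    }
    return (int)count;
}

int main(void) {
    printf("valid: %d\n", parse_extensions(sample_ok, sizeof sample_ok, 8));
    printf("huge:  %d\n", parse_extensions(sample_huge, sizeof sample_huge, 8));
    return 0;
}
```
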
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

MGASA-2015-0485

Affected Products

Proftpd