
Olivier Baudron

#49274 of 53,633
5 Total CVSS
Vulnerabilities · 1
PT-2004-3154
5.0
2004-12-31
Vsftpd · Vsftpd · CVE-2004-2259
Name of the Vulnerable Software and Affected Versions: vsftpd versions prior to 1.2.2

Description: The issue is a denial of service condition that can be triggered under heavy load, causing the FTP server to crash or hang. It is due to an error in connection handling and results in a loss of availability for the FTP server. When the server is under heavy load, attackers can exploit this issue by sending a SIGCHLD signal during a malloc or free call, neither of which is re-entrant, leading to a crash.

Recommendations: For vsftpd versions prior to 1.2.2, update to version 1.2.2 or later to resolve the issue. As a temporary workaround, consider implementing measures to reduce the load on the FTP server and minimize the risk of exploitation.