CVE-2010-4652

2011-02-02T01:00:00
ID CVE-2010-4652
Type cve
Reporter cve@mitre.org
Modified 2011-03-18T02:56:00

Description

Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query.