DEBIAN-CVE-2011-0418
The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service memory consumption via a crafted FTP STAT command...