vsftpd-3.0.3-36.el8_10.3
エラータID: AXSA:2026-044:01
Release date:
Tuesday, January 20, 2026 - 16:39
Subject:
vsftpd-3.0.3-36.el8_10.3
Affected Channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
The vsftpd packages include a Very Secure File Transfer Protocol (FTP) daemon, which is used to serve files over a network.
Security Fix(es):
* vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing (CVE-2025-14242)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2025-14242
A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence.
Solution:
Update packages.
CVEs:
CVE-2025-14242
A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence.
A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence.
Additional Info:
N/A
Download:
SRPMS
- vsftpd-3.0.3-36.el8_10.3.src.rpm
MD5: 20ee3e9981b1d1a79c9434c36f876ce1
SHA-256: 5d094645f80b718e2d669f464ce4c903cdf15e24f2b94db854ff62a5720e0b07
Size: 302.64 kB
Asianux Server 8 for x86_64
- vsftpd-3.0.3-36.el8_10.3.i686.rpm
MD5: cef25603e777b71ef9719f0b4b9fed84
SHA-256: db4370cf9ebbbfc06476f8bcde8693451be02465eac113457ac1a8491f1f6b3f
Size: 193.34 kB - vsftpd-3.0.3-36.el8_10.3.x86_64.rpm
MD5: 72e133584c464aad25d40197b2ad0ad8
SHA-256: 91ba645efdecfb0b36209bf1ea29028a0219577f7a7f9e6cb93bf94fd062c608
Size: 180.68 kB