Search for vulnerabilities
Vulnerability details: VCID-xxs7-fu94-aaan
Vulnerability ID VCID-xxs7-fu94-aaan
Aliases CVE-2013-4359
Summary Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote attackers to cause a denial of service (memory consumption) via a large response count value in an authentication request, which triggers a large memory allocation.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-189 Numeric Errors
System Score Found at
generic_textual Medium http://bugs.proftpd.org/show_bug.cgi?id=3973
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-4359.html
epss 0.01402 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.01402 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.01402 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.01402 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02337 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02337 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02337 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02337 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02337 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02337 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02337 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02337 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02337 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02337 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02337 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.02337 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
epss 0.03351 https://api.first.org/data/v1/epss?cve=CVE-2013-4359
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4359
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2013-4359
Reference id Reference type URL
http://bugs.proftpd.org/show_bug.cgi?id=3973
http://kingcope.wordpress.com/2013/09/11/proftpd-mod_sftpmod_sftp_pam-invalid-pool-allocation-in-kbdint-authentication/
http://lists.opensuse.org/opensuse-updates/2013-10/msg00032.html
http://lists.opensuse.org/opensuse-updates/2015-06/msg00020.html
http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-4359.html
https://api.first.org/data/v1/epss?cve=CVE-2013-4359
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4359
http://www.debian.org/security/2013/dsa-2767
http://www.openwall.com/lists/oss-security/2013/09/17/6
723179 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723179
cpe:2.3:a:proftpd:proftpd:1.3.4:d:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:proftpd:proftpd:1.3.4:d:*:*:*:*:*:*
cpe:2.3:a:proftpd:proftpd:1.3.5:rc3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:proftpd:proftpd:1.3.5:rc3:*:*:*:*:*:*
CVE-2013-4359 https://nvd.nist.gov/vuln/detail/CVE-2013-4359
GLSA-201309-15 https://security.gentoo.org/glsa/201309-15
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2013-4359
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.86134
EPSS Score 0.01402
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.