FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

lftp HTML parsing vulnerability

Affected packages
lftp <= 2.6.10

Details

VuXML ID d7af61c8-2cc0-11d8-9355-0020ed76ef5a
Discovery 2003-12-11
Entry 2003-12-12

A buffer overflow exists in lftp which may be triggered when requesting a directory listing from a malicious server over HTTP.

References

CVE Name CVE-2003-0963
URL http://lftp.yar.ru/news.html#2.6.10