Key Information

Vulnerability Overview

Vulnerability Type: Heap Buffer Overflow
Affected Versions: bftpd ≤ 6.2
Vendor: bftpd Project Repository
Software: bftpd FTP Server
Vulnerable Files: options.c, commands.c

Description

1. Heap Buffer Overflow in Function:
- In , the function performs unsafe string concatenation using .
- The pointer is allocated via in , which allocates only bytes — sufficient to store the original string and its null terminator.
- The call writes two additional bytes ( and ) beyond the allocated buffer, causing a heap buffer overflow.

2. Exploitation Path:
- During user authentication, the FTP command triggers the call chain: .
- When the FTP server reads a configuration file containing entries, processes strings from that file.
- The overflow occurs when the function attempts to append a comma to .

3. Impact:
- The overflow may result in controlled memory corruption, potentially leading to process crashes (Denial of Service).
- Under certain conditions, this memory corruption could be exploited to execute arbitrary code, depending on heap layout and security mitigations in place.
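
The allocation-size mismatch described above, next to two hardened alternatives, as an added example that is not bftpd's code. The function names `dup_with_delim` and `append_delim_bounded`, the `strcat` call in the comment, and the sample string are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Pattern described above (illustrative, not bftpd source):
 *     char *copy = malloc(strlen(s) + 1);   room for s and its NUL only
 *     strcpy(copy, s);
 *     strcat(copy, ",");                    writes past the allocation
 */
/* Fix 1: size the allocation for the delimiter as well.
 * Returns a new heap string "<s><delim>", or NULL on failure. */
char *dup_with_delim(const char *s, char delim)
{
    size_t len = strlen(s);
    if (len > SIZE_MAX - 2)            /* len + delim + NUL must not wrap */
        return NULL;
    char *out = malloc(len + 2);
    if (out == NULL)
        return NULL;
    memcpy(out, s, len);
    out[len] = delim;
    out[len + 1] = '\0';
    return out;
}

/* Fix 2: append in place only when the real capacity allows it.
 * Returns 0 on success, -1 if buf is unterminated or has no room. */
int append_delim_bounded(char *buf, size_t cap, char delim)
{
    const char *end = memchr(buf, '\0', cap);
    if (end == NULL || cap - (size_t)(end - buf) < 2)
        return -1;
    size_t len = (size_t)(end - buf);
    buf[len] = delim;
    buf[len + 1] = '\0';
    return 0;
}

int main(void)
{
    char exact[9] = "ftpusers";        /* constructed sample, sized strlen + 1 */
    char *joined = dup_with_delim(exact, ',');
    if (joined == NULL)
        return 1;
    printf("%s / in-place rc=%d\n", joined, append_delim_bounded(exact, sizeof exact, ','));
    free(joined);
    return 0;
}
```

Building the original code with AddressSanitizer (`-fsanitize=address`) is a quick way to confirm whether a given build still performs the out-of-bounds write.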