CVE-2011-1137

Summary

CVE	CVE-2011-1137
State	PUBLISHED
Assigner	mitre
Source Priority	CVE Program / NVD first with legacy fallback
Published	2011-03-11 17:55:03 UTC
Updated	2026-04-29 01:13:23 UTC
Description	Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.

Risk And Classification

Primary CVSS: v2.0 5 from [email protected]

AV:N/AC:L/Au:N/C:N/I:N/A:P

Problem Types: CWE-189 | n/a

CVSS v2.0 Breakdown

Access Vector

Network

Access Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Proftpd	Proftpd	1.2.0	All	All	All
Application	Proftpd	Proftpd	1.2.0	pre10	All	All
Application	Proftpd	Proftpd	1.2.0	pre9	All	All
Application	Proftpd	Proftpd	1.2.0	rc1	All	All
Application	Proftpd	Proftpd	1.2.0	rc2	All	All
Application	Proftpd	Proftpd	1.2.0	rc3	All	All
Application	Proftpd	Proftpd	1.2.1	All	All	All
Application	Proftpd	Proftpd	1.2.10	All	All	All
Application	Proftpd	Proftpd	1.2.10	rc1	All	All
Application	Proftpd	Proftpd	1.2.10	rc2	All	All
Application	Proftpd	Proftpd	1.2.10	rc3	All	All
Application	Proftpd	Proftpd	1.2.2	All	All	All
Application	Proftpd	Proftpd	1.2.2	rc1	All	All
Application	Proftpd	Proftpd	1.2.2	rc2	All	All
Application	Proftpd	Proftpd	1.2.2	rc3	All	All
Application	Proftpd	Proftpd	1.2.3	All	All	All
Application	Proftpd	Proftpd	1.2.4	All	All	All
Application	Proftpd	Proftpd	1.2.5	All	All	All
Application	Proftpd	Proftpd	1.2.5	rc1	All	All
Application	Proftpd	Proftpd	1.2.5	rc2	All	All
Application	Proftpd	Proftpd	1.2.5	rc3	All	All
Application	Proftpd	Proftpd	1.2.6	All	All	All
Application	Proftpd	Proftpd	1.2.6	rc1	All	All
Application	Proftpd	Proftpd	1.2.6	rc2	All	All
Application	Proftpd	Proftpd	1.2.7	All	All	All
Application	Proftpd	Proftpd	1.2.7	rc1	All	All
Application	Proftpd	Proftpd	1.2.7	rc2	All	All
Application	Proftpd	Proftpd	1.2.7	rc3	All	All
Application	Proftpd	Proftpd	1.2.8	All	All	All
Application	Proftpd	Proftpd	1.2.8	rc1	All	All
Application	Proftpd	Proftpd	1.2.8	rc2	All	All
Application	Proftpd	Proftpd	1.2.9	All	All	All
Application	Proftpd	Proftpd	1.2.9	rc1	All	All
Application	Proftpd	Proftpd	1.2.9	rc2	All	All
Application	Proftpd	Proftpd	1.2.9	rc3	All	All
Application	Proftpd	Proftpd	1.3.0	All	All	All
Application	Proftpd	Proftpd	1.3.0	a	All	All
Application	Proftpd	Proftpd	1.3.0	rc1	All	All
Application	Proftpd	Proftpd	1.3.0	rc2	All	All
Application	Proftpd	Proftpd	1.3.0	rc3	All	All
Application	Proftpd	Proftpd	1.3.0	rc4	All	All
Application	Proftpd	Proftpd	1.3.0	rc5	All	All
Application	Proftpd	Proftpd	1.3.1	All	All	All
Application	Proftpd	Proftpd	1.3.1	rc1	All	All
Application	Proftpd	Proftpd	1.3.1	rc2	All	All
Application	Proftpd	Proftpd	1.3.1	rc3	All	All
Application	Proftpd	Proftpd	1.3.2	All	All	All
Application	Proftpd	Proftpd	1.3.2	a	All	All
Application	Proftpd	Proftpd	1.3.2	b	All	All
Application	Proftpd	Proftpd	1.3.2	c	All	All
Application	Proftpd	Proftpd	1.3.2	d	All	All
Application	Proftpd	Proftpd	1.3.2	e	All	All
Application	Proftpd	Proftpd	1.3.2	rc1	All	All
Application	Proftpd	Proftpd	1.3.2	rc2	All	All
Application	Proftpd	Proftpd	1.3.2	rc3	All	All
Application	Proftpd	Proftpd	1.3.2	rc4	All	All
Application	Proftpd	Proftpd	1.3.3	All	All	All
Application	Proftpd	Proftpd	1.3.3	a	All	All
Application	Proftpd	Proftpd	1.3.3	b	All	All
Application	Proftpd	Proftpd	1.3.3	c	All	All
Application	Proftpd	Proftpd	1.3.3	rc1	All	All
Application	Proftpd	Proftpd	1.3.3	rc2	All	All
Application	Proftpd	Proftpd	1.3.3	rc3	All	All
Application	Proftpd	Proftpd	1.3.3	rc4	All	All
Application	Proftpd	Proftpd	All	d	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

References

Reference	Source	Link	Tags
681718 – (CVE-2011-1137) CVE-2011-1137 proftpd: integer overflow in mod_sftp	af854a3a-2127-422b-91ae-364da2661108	bugzilla.redhat.com	Exploit, Patch
[SECURITY] Fedora 13 Update: proftpd-1.3.3e-1.fc13	af854a3a-2127-422b-91ae-364da2661108	lists.fedoraproject.org
ProFTPD mod_sftp Integer Overflow DoS PoC	af854a3a-2127-422b-91ae-364da2661108	www.exploit-db.com	Exploit
The Slackware Linux Project: Slackware Security Advisories	af854a3a-2127-422b-91ae-364da2661108	slackware.com
ProFTPD Two Vulnerabilities - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
CVS Info for project proftp	af854a3a-2127-422b-91ae-364da2661108	proftp.cvs.sourceforge.net	Vendor Advisory
Bug 3587 – mod_sftp Integer Overflow DoS	af854a3a-2127-422b-91ae-364da2661108	bugs.proftpd.org
CVS Info for project proftp	af854a3a-2127-422b-91ae-364da2661108	proftp.cvs.sourceforge.net	Patch
CVS Info for project proftp	af854a3a-2127-422b-91ae-364da2661108	proftp.cvs.sourceforge.net	Vendor Advisory
Debian -- Security Information -- DSA-2185-1 proftpd-dfsg	af854a3a-2127-422b-91ae-364da2661108	www.debian.org
[SECURITY] Fedora 14 Update: proftpd-1.3.3e-1.fc14	af854a3a-2127-422b-91ae-364da2661108	lists.fedoraproject.org
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com	Vendor Advisory
Debian update for proftpd-dfsg - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
Slackware update for proftpd - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com
ProFTPD 'mod_sftp' Module Integer Overflow Vulnerability	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com	Exploit
Bug 3586 – mod_sftp behaves badly when receiving badly formed SSH messages	af854a3a-2127-422b-91ae-364da2661108	bugs.proftpd.org	Patch
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.