RHSA-2026:0606
Moderate
RHSA-2026:0606: vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing
Red Hat
Released: January 14, 2026
Updated: January 15, 2026
Restart Required
Description
A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence.
Quick Info
Patch ID: RHSA-2026:0606
Vendor: Red Hat
Severity: Moderate
CVEs Fixed: 1
Restart: Required
Vendor
Red Hat
Additional Info
cwe: CWE-190
type: Security Advisory
rhsa id: RHSA-2026:0606
cvss score: 6.5
mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
cvss vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
rhsa number: 2026:0606
