Vsftpd

This hub aggregates every CVE we track for Vsftpd, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 9 most recently published vulnerabilities affecting Vsftpd.

• CVE-2025-14242Vsftpd: vsftpd: denial of service via integer overflow in ls command parameter parsing6.5Jan 14, 2026
• CVE-2021-30047VSFTPD 3.0.3 allows attackers to cause a denial of service due to limited number of connections allowed.7.5Aug 22, 2023
• CVE-2021-3618ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certifi...7.4Mar 23, 2022
• CVE-2011-2523vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.9.8Nov 27, 2019
• CVE-2015-1419Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.5.0Jan 28, 2015
• CVE-2011-0762The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob ...4.0Mar 2, 2011
• CVE-2008-2375Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consump...7.1Jul 9, 2008
• CVE-2004-2259vsftpd before 1.2.2, when under heavy load, allows attackers to cause a denial of service (crash) via a SIGCHLD signal during a malloc or free call, which is not re-entrant.5.0Jul 19, 2005
• CVE-2004-0042vsftpd 1.1.3 generates different error messages depending on whether or not a valid username exists, which allows remote attackers to identify valid usernames.5.0Jan 14, 2004