CVE-2025-14242
Vsftpd: vsftpd: denial of service via integer overflow in ls command parameter parsing
CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
0th
A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence.
| CWE | CWE-190 |
| Vendor | red hat |
| Product | red hat enterprise linux 10 |
| Published | Jan 14, 2026 |
| Last Updated | Mar 16, 2026 |
Stay Ahead of the Next One
Get instant alerts for red hat red hat enterprise linux 10
Be the first to know when new medium vulnerabilities affecting red hat red hat enterprise linux 10 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected Versions
Red Hat / Red Hat Enterprise Linux 10
All versions affected Red Hat / Red Hat Enterprise Linux 10.0 Extended Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 8.2 Advanced Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
All versions affected Red Hat / Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.6 Telecommunications Update Service
All versions affected Red Hat / Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 8.8 Telecommunications Update Service
All versions affected Red Hat / Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 9.4 Extended Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 9.6 Extended Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 6
All versions affected Red Hat / Red Hat Enterprise Linux 7
All versions affected References
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:0605 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:0606 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:0608 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4470 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4477 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4513 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4522 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4525 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4543 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4550 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4553 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4554 access.redhat.com: https://access.redhat.com/security/cve/CVE-2025-14242 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2419826
Credits
Red Hat would like to thank Sankin Nikita Alexeevich for reporting this issue.