VYPR
Unrated severityNVD Advisory· Published Nov 30, 2006· Updated Jun 16, 2026

CVE-2006-6171

CVE-2006-6171

Description

ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Proftpd/Proftpd2 versions
    cpe:2.3:a:proftpd_project:proftpd:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:proftpd_project:proftpd:*:*:*:*:*:*:*:*range: <=1.3.0a
    • (no CPE)range: <=1.3.0a

Patches

Vulnerability mechanics

References

14

News mentions

0

No linked articles in our index yet.