
Description

ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access.

PUBLISHED Reserved 2026-01-18 | Published 2026-01-21 | Updated 2026-01-23 | Assigner VulnCheck




HIGH: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)

HIGH: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Problem types

Allocation of Resources Without Limits or Throttling

Product status

Default status: unaffected

1.3.7a: affected

Credits

xynmaps (finder)

References

www.exploit-db.com/exploits/49697 (ExploitDB-49697) exploit

www.proftpd.org/ (ProFTPD Official Website) product

github.com/proftpd/proftpd/issues/1298 (ProFTPD GitHub Repository) issue-tracking

www.vulncheck.com/...ries/proftpd-a-remote-denial-of-service (VulnCheck Advisory: ProFTPD 1.3.7a - Remote Denial of Service) third-party-advisory

cve.org (CVE-2021-47865)

nvd.nist.gov (CVE-2021-47865)
