CVE-2023-51713

7.5 HIGH

📋 TL;DR

CVE-2023-51713 is a one-byte out-of-bounds read vulnerability in ProFTPD's make_ftp_cmd function that can cause the FTP daemon to crash. This affects ProFTPD servers running versions before 1.3.8a. The vulnerability occurs due to mishandling of quote and backslash semantics in FTP command processing.

💻 Affected Systems

Products:
  • ProFTPD
Versions: All versions before 1.3.8a
Operating Systems: All operating systems running ProFTPD
Default Config Vulnerable: ⚠️ Yes
Notes: All ProFTPD configurations are vulnerable if running affected versions

⚠️ Risk & Real-World Impact

🔴 Worst Case: Denial of service causing FTP service disruption and potential data loss for active transfers

🟠 Likely Case: Service crash requiring manual restart of the ProFTPD daemon

🟢 If Mitigated: Minimal impact with proper monitoring and automated restart mechanisms

🌐 Internet-Facing: HIGH - FTP servers are typically internet-facing and vulnerable to unauthenticated attacks
🏢 Internal Only: MEDIUM - Internal attackers could disrupt FTP services affecting business operations

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is in the FTP command parser and can be triggered by sending specially crafted FTP commands; the fault is a read, so the outcome is a crash of the handling process rather than code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.3.8a

Vendor Advisory: https://github.com/proftpd/proftpd/blob/1.3.8/NEWS

Restart Required: Yes

Instructions:

1. Download ProFTPD 1.3.8a or later from official sources.
2. Stop the ProFTPD service.
3. Back up configuration files.
4. Install the new version.
5. Restart the ProFTPD service.

🔧 Temporary Workarounds

Network-based mitigation

Block or restrict FTP access using firewall rules (the rules below drop all inbound connections to the FTP control port 21 and active-mode data port 20; to restrict rather than block, add a source-address match such as -s for the client networks that must keep access)

iptables -A INPUT -p tcp --dport 21 -j DROP
iptables -A INPUT -p tcp --dport 20 -j DROP

Service monitoring and auto-restart

Have systemd restart ProFTPD automatically after a crash. Enabling and starting the unit alone does not do this; a drop-in override with Restart=on-failure is also needed (unit name proftpd.service assumed)

mkdir -p /etc/systemd/system/proftpd.service.d
printf '[Service]\nRestart=on-failure\nRestartSec=5\n' > /etc/systemd/system/proftpd.service.d/override.conf
systemctl daemon-reload
systemctl enable --now proftpd

🧯 If You Can't Patch

  • Implement network segmentation to isolate FTP servers from critical systems
  • Deploy intrusion detection systems to monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check ProFTPD version with: proftpd -v

Check Version:

proftpd -v

Verify Fix Applied:

Verify version is 1.3.8a or later. A grep for the literal string only matches 1.3.8a itself and would report 1.3.8b or 1.3.9 as unpatched, so compare with sort -V instead (release candidates such as 1.3.8rc2 sort after 1.3.8a here and should be treated as unpatched): v=$(proftpd -v | head -n1 | awk '{print $NF}'); [ "$(printf '%s\n' 1.3.8a "$v" | sort -V | head -n1)" = 1.3.8a ] && echo 'Patched'
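The same check as a small script, added here as an example and not part of the advisory. It parses the `proftpd -v` banner (the wording "ProFTPD Version X" is assumed from the 1.3.x series) and orders versions the way ProFTPD numbers them: a release candidate (1.3.8rc2) precedes its final release, a maintenance letter (1.3.8a, 1.3.8b) follows it. The helper names `version_key`, `is_patched` and `check_local_proftpd` are this example's own.

```python
"""Added example (not the advisory's own code): decide whether a ProFTPD build
is at or past the fixed release 1.3.8a for CVE-2023-51713.

Why not `grep 1.3.8a`: that matches exactly one release, so 1.3.8b, 1.3.9 and
later builds would be reported as unpatched.
"""
import re
import subprocess

FIXED_VERSION = "1.3.8a"

# Dotted version number, then optionally "rcN" (pre-release) or a single
# letter (maintenance release).  The alternation tries "rc" first so that
# "1.3.8rc2" is not read as letter "r".
_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(?:rc(\d+)|([a-z]))?")


def version_key(text):
    """Return a tuple that orders ProFTPD versions correctly.

    1.3.8rc2 < 1.3.8 < 1.3.8a < 1.3.8b < 1.3.9
    Raises ValueError if `text` holds no version token.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError("no ProFTPD version in %r" % text)
    numbers = tuple(int(p) for p in m.group(1).split("."))
    if m.group(2) is not None:        # release candidate: sorts before the final
        stage = (0, int(m.group(2)))
    elif m.group(3) is not None:      # maintenance letter: sorts after the final
        stage = (1, ord(m.group(3)) - ord("a") + 1)
    else:                             # the plain final release
        stage = (1, 0)
    return numbers, stage


def is_patched(banner):
    """True when the version in `banner` is >= 1.3.8a (CVE-2023-51713 fixed)."""
    return version_key(banner) >= version_key(FIXED_VERSION)


def check_local_proftpd():
    """Run the installed binary's banner and classify it; returns (patched, banner).

    Banner wording "ProFTPD Version 1.3.8a" is assumed; stdout and stderr are
    both read because some builds print the banner to stderr.
    """
    out = subprocess.run(["proftpd", "-v"], capture_output=True, text=True, check=False)
    banner = (out.stdout + out.stderr).strip()
    return is_patched(banner), banner


if __name__ == "__main__":
    patched, banner = check_local_proftpd()
    print(banner)
    print("Patched" if patched else "VULNERABLE: upgrade to %s or later" % FIXED_VERSION)
```

Run it on the host as the same user that can execute the proftpd binary; a non-zero exit or an empty banner means the binary was not found, which the script reports as a ValueError rather than a false "Patched".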

📡 Detection & Monitoring

Log Indicators:

  • ProFTPD daemon crashes
  • Segmentation fault errors in system logs
  • Unexpected service restarts

Network Indicators:

  • Multiple FTP connections with malformed commands
  • FTP service becoming unresponsive

SIEM Query:

source="proftpd.log" AND ("segmentation fault" OR "crash" OR "abnormal termination")
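The log indicators above, turned into detection logic that runs over sample lines. This is an added example, not part of the advisory. The lines in SAMPLE_LOG are constructed for it; the message shapes are the Linux kernel "segfault at" line, systemd's "Main process exited" status line and ProFTPD's own "ProFTPD terminating (signal N)" notice. The first two are written by the kernel and by systemd, so they land in syslog or the journal rather than in proftpd.log, which matters when pointing a SIEM rule at a source. One crash produces several of these lines within a second or two, so the script first collapses them into crash events and then alerts on a burst of crashes inside a time window, the footprint of a repeated denial-of-service attempt against an auto-restarted service. All function names are the example's own.

```python
"""Added example (not the advisory's own code): scan syslog-style lines for
ProFTPD crash indicators and flag a burst of crashes in a short window.
"""
import re
from datetime import datetime, timedelta

# One regex per indicator, applied to the message part of a syslog line.
CRASH_PATTERNS = {
    "kernel_segfault": re.compile(r"\bproftpd\[\d+\]: segfault at "),
    "systemd_signal_exit": re.compile(
        r"proftpd\.service: Main process exited, code=(?:killed|dumped), status=\d+/(?:SEGV|ABRT)"),
    "proftpd_signal": re.compile(r"ProFTPD terminating \(signal (?:11|6)\)"),
    "service_restart": re.compile(r"proftpd\.service: Scheduled restart job"),
}

# RFC 3164 style prefix: "Dec 27 10:15:02 host message".  The year is not
# logged, so timestamps are only ever compared with each other.
_SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$")

# Constructed sample: three crashes within three minutes, a clean stop hours later.
SAMPLE_LOG = """\
Dec 27 09:00:00 ftp1 systemd[1]: Started ProFTPD FTP Server.
Dec 27 10:15:02 ftp1 kernel: proftpd[2201]: segfault at 7f3a1c9e0000 ip 000055d4c2b1a3f0 sp 00007ffd1e2c9b40 error 4 in proftpd[55d4c2ae0000+80000]
Dec 27 10:15:02 ftp1 systemd[1]: proftpd.service: Main process exited, code=killed, status=11/SEGV
Dec 27 10:15:07 ftp1 systemd[1]: proftpd.service: Scheduled restart job, restart counter is at 1.
Dec 27 10:16:30 ftp1 proftpd[2250]: ProFTPD terminating (signal 11)
Dec 27 10:16:31 ftp1 systemd[1]: proftpd.service: Main process exited, code=killed, status=11/SEGV
Dec 27 10:18:05 ftp1 kernel: proftpd[2290]: segfault at 0 ip 000055d4c2b1a3f0 sp 00007ffd1e2c9b40 error 4 in proftpd[55d4c2ae0000+80000]
Dec 27 14:02:11 ftp1 systemd[1]: proftpd.service: Main process exited, code=exited, status=0/SUCCESS
"""


def classify(line):
    """Return (timestamp, indicator name) for a crash-related line, else None."""
    m = _SYSLOG_RE.match(line)
    if not m:
        return None
    for name, pattern in CRASH_PATTERNS.items():
        if pattern.search(m.group("msg")):
            return datetime.strptime(m.group("ts"), "%b %d %H:%M:%S"), name
    return None


def count_indicators(lines):
    """Count matching lines per indicator, useful for tuning a SIEM rule."""
    counts = {name: 0 for name in CRASH_PATTERNS}
    for line in lines:
        hit = classify(line)
        if hit:
            counts[hit[1]] += 1
    return counts


def crash_times(lines, merge_gap=timedelta(seconds=5)):
    """Collapse the several lines one crash produces into a single crash event.

    Restart lines are bookkeeping rather than crashes and are skipped; a crash
    line closer than `merge_gap` to the previous crash belongs to that crash.
    """
    stamps = []
    for line in lines:
        hit = classify(line)
        if hit and hit[1] != "service_restart":
            stamps.append(hit[0])
    crashes = []
    for ts in sorted(stamps):
        if crashes and ts - crashes[-1] <= merge_gap:
            continue
        crashes.append(ts)
    return crashes


def find_crash_bursts(lines, threshold=3, window=timedelta(minutes=10)):
    """Return (first, last, count) for each run of >= threshold crashes whose
    first and last fall within `window`.  One crash can be anything; a run of
    them on a service that keeps being restarted is the pattern to alert on."""
    crashes = crash_times(lines)
    bursts = []
    i = 0
    while i < len(crashes):
        j = i
        while j + 1 < len(crashes) and crashes[j + 1] - crashes[i] <= window:
            j += 1
        if j - i + 1 >= threshold:
            bursts.append((crashes[i], crashes[j], j - i + 1))
        i = j + 1
    return bursts


if __name__ == "__main__":
    sample = SAMPLE_LOG.splitlines()
    print(count_indicators(sample))
    for first, last, n in find_crash_bursts(sample):
        print("ALERT: %d proftpd crashes between %s and %s"
              % (n, first.strftime("%b %d %H:%M:%S"), last.strftime("%b %d %H:%M:%S")))
```

To run it against a real host, feed it the lines from `journalctl` or the syslog file instead of SAMPLE_LOG; the threshold and window are the knobs to tune against the baseline crash rate of the server.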
