Bug 2419826 (CVE-2025-14242)

Summary: CVE-2025-14242 vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing
Product: [Other] Security Response Reporter: Patrick Del Bello <pdelbell>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: abhraj, carnil, security-response-team, tkorbar
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Deadline: 2026-01-14   

Description Patrick Del Bello 2025-12-08 03:44:03 UTC 
HASH(0x5638e2765e28)
Comment 1 errata-xmlrpc 2026-01-14 14:59:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:0606 https://access.redhat.com/errata/RHSA-2026:0606
Comment 2 errata-xmlrpc 2026-01-14 15:16:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:0608 https://access.redhat.com/errata/RHSA-2026:0608
Comment 3 errata-xmlrpc 2026-01-14 15:28:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:0605 https://access.redhat.com/errata/RHSA-2026:0605
Comment 4 Salvatore Bonaccorso 2026-01-15 19:37:54 UTC 
Hi,

So is this correct that this CVE is specific for vsftpd in Red Hat due to an additional patch to support square brackets in ls command?

Only reference with CVE I found is related to this change:
https://src.fedoraproject.org/rpms/vsftpd/c/2ed5ba6e77f1c3e365fb4b0028945f762c456131

Thank you in advance,

Regards,
Salvatore
Comment 5 Tomas Korbar 2026-01-16 08:44:02 UTC 
Hi, yes that is correct. The vulnerability was located in the patch adding square
bracket support.

Regards.
Comment 6 errata-xmlrpc 2026-03-12 13:14:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2026:4470 https://access.redhat.com/errata/RHSA-2026:4470
Comment 7 errata-xmlrpc 2026-03-12 13:20:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:4477 https://access.redhat.com/errata/RHSA-2026:4477
Comment 8 errata-xmlrpc 2026-03-12 16:21:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:4513 https://access.redhat.com/errata/RHSA-2026:4513
Comment 9 errata-xmlrpc 2026-03-12 17:51:39 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:4522 https://access.redhat.com/errata/RHSA-2026:4522
Comment 10 errata-xmlrpc 2026-03-12 18:10:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:4525 https://access.redhat.com/errata/RHSA-2026:4525
Comment 11 errata-xmlrpc 2026-03-12 20:42:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2026:4543 https://access.redhat.com/errata/RHSA-2026:4543
Comment 12 errata-xmlrpc 2026-03-12 22:46:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2026:4550 https://access.redhat.com/errata/RHSA-2026:4550
Comment 13 errata-xmlrpc 2026-03-16 01:16:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:4553 https://access.redhat.com/errata/RHSA-2026:4553
Comment 14 errata-xmlrpc 2026-03-16 01:19:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:4554 https://access.redhat.com/errata/RHSA-2026:4554