In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.
This is fixed in proftpd 1.3.6c:
The fix was backported to proftpd 1.3.5e for EPEL-7:
The fix was backported to proftpdd 1.3.3g for EPEL-6: