Multiple off-by-one errors in fsplib.c in fsplib before 0.8 allow attackers to cause a denial of service via unspecified vectors involving the (1) name and (2) d_name entry attributes. gFTP contains local copy of fsplib source code to support FSP protocol.
Upstream patch: http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.c?r1=1.15&r2=1.16 Further information about the issue: https://bugzilla.novell.com/show_bug.cgi?id=150399
"Red Hat does not consider a user assisted client crash such as this to be a security flaw."