[Original text] Buffer overflow in FileZilla FTP Server 2.2.22 allows remote authenticated attackers to cause a denial of service and possibly execute arbitrary code via a long (1) PORT or (2) PASS followed by the MLSD command, or (3) the remote server interface, as demonstrated by the Infigo FTPStress Fuzzer.
A remote overflow exists in FileZilla. The server fails to validate user-supplied input to the PORT or PASS commands following the MLSD command, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution, resulting in a loss of integrity.
Upgrade to version 2.2.23 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
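
The kind of input validation the description says was missing, shown for the PORT argument as an added example. This is not FileZilla's code and not the fix shipped in 2.2.23, which this entry does not describe. `parse_port_arg`, `struct port_target` and the 23-byte cap are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed cap for this example: the longest well-formed argument,
 * "255,255,255,255,255,255", is 23 bytes. */
#define PORT_ARG_MAX 23

struct port_target { uint8_t ip[4]; uint16_t port; };

/* Parse "h1,h2,h3,h4,p1,p2" (RFC 959 PORT argument).
 * Returns 0 on success, -1 on malformed or over-long input.
 * The length is checked before any byte is read, and the argument is
 * never copied into a fixed-size buffer. */
int parse_port_arg(const char *arg, size_t len, struct port_target *out)
{
    unsigned field[6];
    size_t i = 0;
    int n = 0;

    if (arg == NULL || out == NULL || len == 0 || len > PORT_ARG_MAX)
        return -1;

    while (n < 6) {
        unsigned v = 0;
        size_t digits = 0;
        while (i < len && arg[i] >= '0' && arg[i] <= '9') {
            v = v * 10 + (unsigned)(arg[i] - '0');
            if (++digits > 3 || v > 255)   /* each field is one octet */
                return -1;
            i++;
        }
        if (digits == 0)                   /* empty or non-numeric field */
            return -1;
        field[n++] = v;
        if (n < 6) {
            if (i >= len || arg[i] != ',') /* separator required */
                return -1;
            i++;
        }
    }
    if (i != len)                          /* trailing bytes after p2 */
        return -1;

    for (n = 0; n < 4; n++)
        out->ip[n] = (uint8_t)field[n];
    out->port = (uint16_t)((field[4] << 8) | field[5]);
    return 0;
}
```
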