A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence.Referenceshttps://access.redhat.com/errata/RHSA-2026:0605https://access.redhat.com/errata/RHSA-2026:0606https://access.redhat.com/errata/RHSA-2026:0608https://access.redhat.com/security/cve/CVE-2025-14242https://bugzilla.redhat.com/show_bug.cgi?id=2419826
