CVEs-PoC/2011/CVE-2011-0418.md

### [CVE-2011-0418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0418)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command.

### POC

#### Reference
- http://securityreason.com/achievement_securityalert/97
- http://securityreason.com/securityalert/8228

#### Github
No PoCs found on GitHub currently.