Report

Rechecking the FTP VMS listing parser showed that the simple date-like token branch copies a token into a 32-byte buffer and appends a space, but the immediate token-length guard (strlen(tok) < 12) limits each individual token. The vulnerability is therefore best described as a fragile fixed-buffer accumulation bug in a remote parser rather than an obvious one-shot oversized-token overflow. The risk still exists because the parser trusts the LIST grammar and stores attacker-controlled text in a small stack buffer before strptime().
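One way to make the accumulation itself bounded, as an added example that is not the parser's own code: every append checks the space left in the 32-byte buffer in addition to the per-token guard, and the listing line is rejected when a token does not fit. The function names, macros and sample tokens are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DATE_BUF_SIZE 32   /* buffer size given in the report */
#define MAX_TOKEN_LEN 12   /* per-token guard from the report: strlen(tok) < 12 */

/* Append tok and a trailing space to buf, tracking the bytes used so far.
 * Returns 0 on success, -1 if the token fails the per-token guard or does
 * not fit in the remaining space together with its space and the NUL. */
static int append_date_token(char *buf, size_t cap, size_t *used, const char *tok)
{
    size_t len = strlen(tok);
    if (len >= MAX_TOKEN_LEN)
        return -1;
    /* The per-token guard is not enough: also bound the running total. */
    if (*used >= cap || len + 2 > cap - *used)
        return -1;
    memcpy(buf + *used, tok, len);
    *used += len;
    buf[(*used)++] = ' ';
    buf[*used] = '\0';
    return 0;
}

/* Build the date string from n tokens; returns n, or -1 to reject the line. */
static int build_date_string(char *buf, size_t cap, const char *const *toks, size_t n)
{
    size_t used = 0;
    if (cap == 0)
        return -1;
    buf[0] = '\0';
    for (size_t i = 0; i < n; i++)
        if (append_date_token(buf, cap, &used, toks[i]) != 0)
            return -1;   /* caller should skip this listing entry */
    return (int)n;
}

int main(void)
{
    /* Constructed sample tokens; each one passes strlen(tok) < 12. */
    const char *toks[] = { "12-JAN-2024", "10:15:42" };
    char buf[DATE_BUF_SIZE];
    int rc = build_date_string(buf, sizeof buf, toks, 2);
    printf("rc=%d buf=\"%s\"\n", rc, buf);
    return 0;
}
```

Only a string that build_date_string accepted should be passed on to strptime(); on -1 the buffer is still NUL-terminated but holds a partial line.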
