Two buffer overflows exist in lftp versions 2.3 to 2.6.9. When using the ls and rels commands during an HTTP/HTTPS connection, an attacker has the opportunity to exploit a sscanf() call in try_netscape_proxy() and try_squid_eplf().
763cfb7b83021a88fea152144b0becd3ae188d5febab74fae428d2aa26a62665