Legacy versions are vulnerable to memory leaks and CPU exhaustion. For example, a memory leak can occur if the deny_file option is enabled, allowing an attacker to exhaust system memory. Additionally, crafted "glob" expressions in STAT commands can trigger high CPU consumption.
Modern versions include critical security enhancements like per-process memory limits and improved sandboxing. VulnHub/Stapler1.md at master - GitHub vsftpd 208 exploit github fix
Many online references incorrectly attribute the "smiley face" backdoor—where entering :) as a username opens a root shell on port 6200—to version 2.0.8. This exploit actually affected a compromised distribution of vsftpd 2.3.4 . Legacy versions are vulnerable to memory leaks and