If deny_file is enabled, an attacker can consume all memory.
in the username. For version 2.0.8, the primary documented vulnerability is CVE-2011-0762.