CVE-2013-10042
CRITICAL 9.8
Description
A stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP PASS command. When an attacker sends a specially crafted password string, the application fails to validate input length, resulting in memory corruption. This can lead to denial of service or arbitrary code execution. Exploitation requires the anonymous user account to be enabled.
CVE details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 7/31/2025
Last modified: 11/26/2025
Source: nvd
Honeypot sightings: 0
Affected products
freeftpd:freeftpd
Weaknesses (CWE)
CWE-121
References
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/freeftpd_pass.rb (disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/27747 (disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/freeftpd-pass-command-stack-based-buffer-overflow (disclosure@vulncheck.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.