← Retour aux CVEs

CVE-2012-10023

CRITICAL

9.8

Description

A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. The server fails to properly validate input passed to the USER command, allowing remote attackers to overwrite memory and potentially execute arbitrary code. The flaw is triggered by sending an overly long username string, which overflows the buffer allocated for user authentication.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie8/5/2025

Derniere modification9/3/2025

Sourcenvd

Observations honeypot0

Produits affectes

freefloat:freefloat_ftp_server

Faiblesses (CWE)

CWE-121

References

https://my.saintcorporation.com/cgi-bin/exploit_info/freefloat_ftp_server_user_cmd(disclosure@vulncheck.com)

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/freefloatftp_user.rb(disclosure@vulncheck.com)

https://web.archive.org/web/20101208040029/http://secunia.com/advisories/42465/(disclosure@vulncheck.com)

https://web.archive.org/web/20101213050627/http://www.freefloat.com/sv/about-/about-.php(disclosure@vulncheck.com)

https://www.exploit-db.com/exploits/15689(disclosure@vulncheck.com)

https://www.exploit-db.com/exploits/23243(disclosure@vulncheck.com)

https://www.vulncheck.com/advisories/freefloat-ftp-server-user-command-buffer-overflow(disclosure@vulncheck.com)

https://www.exploit-db.com/exploits/23243(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.