CVE-2012-10023
CRITICAL 9.8
Description
A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. The server fails to properly validate input passed to the USER command, allowing remote attackers to overwrite memory and potentially execute arbitrary code. The flaw is triggered by sending an overly long username string, which overflows the buffer allocated for user authentication.
CVE details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 8/5/2025
Last modified: 9/3/2025
Source: nvd
Honeypot sightings: 0
Affected products
freefloat:freefloat_ftp_server
Weaknesses (CWE)
CWE-121
References
https://my.saintcorporation.com/cgi-bin/exploit_info/freefloat_ftp_server_user_cmd (disclosure@vulncheck.com)
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/freefloatftp_user.rb (disclosure@vulncheck.com)
https://web.archive.org/web/20101208040029/http://secunia.com/advisories/42465/ (disclosure@vulncheck.com)
https://web.archive.org/web/20101213050627/http://www.freefloat.com/sv/about-/about-.php (disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/15689 (disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/23243 (disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/freefloat-ftp-server-user-command-buffer-overflow (disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/23243 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.