CVE-2013-10042
CRITICAL 9.8
Description
A stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP PASS command. When an attacker sends a specially crafted password string, the application fails to validate input length, resulting in memory corruption. This can lead to denial of service or arbitrary code execution. Exploitation requires the anonymous user account to be enabled.
CVE Details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 7/31/2025
Last modified: 11/26/2025
Source: nvd
Honeypot sightings: 0
Affected products
freeftpd:freeftpd
Weaknesses (CWE)
CWE-121
References
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/freeftpd_pass.rb (disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/27747 (disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/freeftpd-pass-command-stack-based-buffer-overflow (disclosure@vulncheck.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.