CVE-2013-10042

9.8 CRITICAL
Published: July 31, 2025 Modified: November 26, 2025
View on NVD

Description

A stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP PASS command. When an attacker sends a specially crafted password string, the application fails to validate input length, resulting in memory corruption. This can lead to denial of service or arbitrary code execution. Exploitation requires the anonymous user account to be enabled.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/freeftpd_pass.rb
Source: disclosure@vulncheck.com
Exploit
https://www.exploit-db.com/exploits/27747
Source: disclosure@vulncheck.com
Exploit
https://www.vulncheck.com/advisories/freeftpd-pass-command-stack-based-buffer-overflow
Source: disclosure@vulncheck.com
Third Party Advisory

3 reference(s) from NVD

Quick Stats

CVSS v3 Score
9.8 / 10.0
EPSS (Exploit Probability)
55.3%
98th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-121

Affected Vendors

freeftpd

Related CVEs

CVE-2025-52691 10.0
CVE-2025-15168 7.3
CVE-2025-15167 7.3
CVE-2025-15166 7.3
CVE-2025-15165 7.3