CVE-2013-10042
BaseFortify
Publication date: 2025-07-31
Last updated on: 2025-11-26
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| freeftpd | freeftpd | up to 1.0.10 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stack-based buffer overflow in freeFTPd version 1.0.10 and earlier. It occurs when the FTP PASS command processes a specially crafted password string without validating its length, causing memory corruption. Exploitation requires the anonymous user account to be enabled.
How can this vulnerability impact me?
The vulnerability can lead to denial of service or arbitrary code execution on the affected system, potentially allowing an attacker to take control or disrupt services.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, disable the anonymous user account in freeFTPd if it is enabled, as exploitation requires it. Additionally, update freeFTPd to a version later than 1.0.10 where this vulnerability is fixed, or apply any available patches from the vendor.