CVE-2023-53886
BaseFortify
Publication date: 2025-12-15
Last updated on: 2025-12-18
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| xlightftpd | xlight_ftp_server | 3.9.3.6 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2023-53886 is a stack-based buffer overflow vulnerability in Xlight FTP Server version 3.9.3.6. It occurs in the 'Execute Program' configuration feature, where an attacker can input 294 characters into the program execution configuration, causing the buffer to overflow. This overflow crashes the application, resulting in a denial of service (DoS) condition. The vulnerability requires local access with low privileges and user interaction to be triggered. [2, 3]
How can this vulnerability impact me? :
This vulnerability can cause the Xlight FTP Server application to crash, leading to a denial of service (DoS) condition. This means legitimate users may be unable to access the FTP service while the server is down, potentially disrupting business operations that rely on file transfers. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking the 'Execute a Program after user logged in' configuration in Xlight FTP Server version 3.9.3.6 for the presence of an input string of 294 characters, which triggers the stack buffer overflow. A practical detection method is to review the server configuration for this setting and verify if such an excessively long string is present. Additionally, monitoring for crashes or denial of service conditions related to the FTP server may indicate exploitation attempts. There is a proof-of-concept Python script that generates an 'exploit.txt' file containing the overflow string, which can be used in a controlled environment to test the vulnerability. Specific commands are not provided in the resources. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of the vulnerable 'Execute Program' configuration feature with inputs exceeding normal length (specifically avoiding inputs of 294 characters or more). Updating the Xlight FTP Server to a version later than 3.9.3.6, such as the latest version 3.9.4.6, is recommended to address this vulnerability. Additionally, monitoring the server for crashes and restricting local access to trusted users can reduce the risk of exploitation. [1, 2, 3]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.