CVE-2003-1445

Far Manager 1.70beta1 - Stack-based Buffer Overflow via Long Pathname

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1445. PoCs published by 3APA3A.

AI-analyzed exploit summary This exploit demonstrates a buffer overflow vulnerability in FAR by creating directories with overly long paths, leading to a denial of service (DoS) condition. The PoC uses environment variables and the `mkdir` command to trigger the vulnerability.

Description

Stack-based buffer overflow in Far Manager 1.70beta1 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long pathname.

Exploits (1)

exploitdb WORKING POC VERIFIED
by 3APA3A · textdoslinux
https://www.exploit-db.com/exploits/22243

This exploit demonstrates a buffer overflow vulnerability in FAR by creating directories with overly long paths, leading to a denial of service (DoS) condition. The PoC uses environment variables and the `mkdir` command to trigger the vulnerability.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: FAR (File and Archive Manager) versions affected by CVE-2003-1445
No auth needed
Prerequisites: Access to a system with vulnerable FAR software installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/11293
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3281
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6822
Exploit mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/311334

Scores

EPSS 0.0123
EPSS Percentile 65.1%

Details

CWE
CWE-119
Status published
Products (3)
rarlab/far_manager 1.65
rarlab/far_manager 1.70_beta_1
rarlab/far_manager 1.70_beta_4
Published Dec 31, 2003
Tracked Since Feb 18, 2026