CVE-2008-4762

freeSSHd 1.2.1 - Authenticated Stack-Based Buffer Overflow via Long Argument to Rename or Realpath Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-4762. PoCs published by Jeremy Brown.

AI-analyzed exploit summary This exploit targets a denial-of-service (DoS) vulnerability in FreeSSH 1.2.1 by sending an overly long string (550,000 'A' characters) via an SFTP rename operation, causing the server to crash. It requires valid SSH credentials to authenticate before triggering the crash.

Description

Stack-based buffer overflow in freeSSHd 1.2.1 allows remote authenticated users to cause a denial of service (service crash) and potentially execute arbitrary code via a long argument to the (1) rename and (2) realpath parameters.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Jeremy Brown · perldoswindows
https://www.exploit-db.com/exploits/6800

This exploit targets a denial-of-service (DoS) vulnerability in FreeSSH 1.2.1 by sending an overly long string (550,000 'A' characters) via an SFTP rename operation, causing the server to crash. It requires valid SSH credentials to authenticate before triggering the crash.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: FreeSSH 1.2.1
Auth required
Prerequisites: Valid SSH credentials · Network access to the target SSH server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Jeremy Brown · perldoswindows
https://www.exploit-db.com/exploits/6812

This exploit triggers a denial-of-service (DoS) condition in FreeSSH 1.2.1 by sending an overly long string (262145 'A' characters) via the SFTP realpath function. The crash is a result of a buffer overflow vulnerability.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: FreeSSH 1.2.1
Auth required
Prerequisites: Valid SSH credentials · Network access to the target SSH service
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1021096
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32366
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31872
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4515
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/497746/100/0/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6812
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46046
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2897
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6800

Scores

EPSS 0.1450
EPSS Percentile 96.2%

Details

CWE
CWE-119
Status published
Products (1)
freesshd/freesshd 1.2.1
Published Oct 28, 2008
Tracked Since Feb 18, 2026