CVE-2013-10042

CRITICAL

freeFTPd <1.0.10 - Buffer Overflow

Title source: llm

Description

A stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP PASS command. When an attacker sends a specially crafted password string, the application fails to validate input length, resulting in memory corruption. This can lead to denial of service or arbitrary code execution. Exploitation requires the anonymous user account to be enabled.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Wireghoul · perlremotewindows

https://www.exploit-db.com/exploits/27747

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by Wireghoul · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/freeftpd_pass.rb

View Code ZIP pw:eip

References (3)

[Exploit] https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/freeftpd_pass.rb

[Exploit] https://www.exploit-db.com/exploits/27747

[Third Party Advisory] https://www.vulncheck.com/advisories/freeftpd-pass-command-stack-based-buffer-overflow

Scores

CVSS v3 9.8

EPSS 0.6020

EPSS Percentile 98.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-121

Status published

Products (2)

freeftpd/freeftpd < 1.0.10

freeFTPd/freeFTPd < 1.0.10

Published Jul 31, 2025

Tracked Since Feb 18, 2026