CVE-2013-3930

Core FTP < 2.2 - Remote Code Execution via CWD Command Reply

Title source: llm
STIX 2.1

Description

Stack-based buffer overflow in Core FTP before 2.2 build 1785 allows remote FTP servers to execute arbitrary code via a crafted directory name in a CWD command reply.

References (4)

Core 4
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.coreftp.com/forums/viewtopic.php?t=222102
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/61786
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/96314
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/53743

Scores

EPSS 0.0302
EPSS Percentile 85.9%

Details

CWE
CWE-119
Status published
Products (1)
coreftp/core_ftp < 2.2
Published Apr 04, 2014
Tracked Since Feb 18, 2026