CVE-2013-3930
Core FTP < 2.2 - Remote Code Execution via CWD Command Reply
Title source: llmDescription
Stack-based buffer overflow in Core FTP before 2.2 build 1785 allows remote FTP servers to execute arbitrary code via a crafted directory name in a CWD command reply.
References (4)
Core 4
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.coreftp.com/forums/viewtopic.php?t=222102
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/61786
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/96314
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/53743
Scores
EPSS
0.0302
EPSS Percentile
85.9%
Details
CWE
CWE-119
Status
published
Products (1)
coreftp/core_ftp
< 2.2
Published
Apr 04, 2014
Tracked Since
Feb 18, 2026