CVE-2014-4643

Core FTP LE 2.2 build 1798 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-4643. PoCs published by Gabor Seljan.

AI-analyzed exploit summary This exploit demonstrates a heap overflow vulnerability in Core FTP LE 2.2 by sending an overly long response to the PASV command, causing the application to crash. The PoC sets up a malicious FTP server to trigger the vulnerability.

Description

Multiple heap-based buffer overflows in the client in Core FTP LE 2.2 build 1798 allow remote FTP servers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in a reply to a (1) USER, (2) PASS, (3) PASV, (4) SYST, (5) PWD, or (6) CDUP command.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Gabor Seljan · pythondoswindows
https://www.exploit-db.com/exploits/33713

This exploit demonstrates a heap overflow vulnerability in Core FTP LE 2.2 by sending an overly long response to the PASV command, causing the application to crash. The PoC sets up a malicious FTP server to trigger the vulnerability.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Core FTP LE 2.2 build 1798
No auth needed
Prerequisites: Network access to the target · Target must connect to the malicious FTP server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/58818
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/108051
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/33713

Scores

EPSS 0.0876
EPSS Percentile 94.5%

Details

CWE
CWE-119
Status published
Products (1)
coreftp/core_ftp 2.2
Published Jun 25, 2014
Tracked Since Feb 18, 2026