Multiple heap-based buffer overflows in the client in Core FTP LE 2.2 build 1798 allow remote FTP servers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in a reply to a (1) USER, (2) PASS, (3) PASV, (4) SYST, (5) PWD, or (6) CDUP command.
Max CVSS
5.0
EPSS Score
0.40%
Published
2014-06-25
Updated
2014-06-26
Stack-based buffer overflow in Core FTP before 2.2 build 1785 allows remote FTP servers to execute arbitrary code via a crafted directory name in a CWD command reply.
Max CVSS
9.3
EPSS Score
1.40%
Published
2014-04-04
Updated
2014-08-11
2 vulnerabilities found