CVE-2019-25614
🔴 Łataj teraz
Przepełnienie bufora w Free Float FTP 1.0 umożliwia zdalne wykonanie dowolnego kodu przez wysłanie spreparowanego polecenia STOR.
CVSS
9.8
EPSS
0.4%
Exploit
poc
Vendor
freefloat
Opis źródłowy (NVD)
Free Float FTP 1.0 contains a buffer overflow vulnerability in the STOR command handler that allows remote attackers to execute arbitrary code by sending a crafted STOR request with an oversized payload. Attackers can authenticate with anonymous credentials and send a malicious STOR command containing 247 bytes of padding followed by a return address and shellcode to trigger code execution on the FTP server.
buffer-overflow exploit
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 9.8 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 0.4% |
| Opublikowano (NVD) | 2026-03-22 14:16:29 UTC |
| Ostatnia modyfikacja (NVD) | 2026-03-23 19:42:13 UTC |
Referencje
- http://www.freefloat.com/software/freefloatftpserver.zip (disclosure@vulncheck.com) [Broken Link]
- https://www.exploit-db.com/exploits/46763 (disclosure@vulncheck.com) [Exploit, Third Party Advisory, VDB Entry]
- https://www.vulncheck.com/advisories/free-float-ftp-stor-command-remote-buffer-overflow (disclosure@vulncheck.com) [Third Party Advisory]