CVE-2013-10042

A stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP PASS command. When an attacker sends a specially crafted password string, the application fails to validate input length, resulting in memory corruption. This can lead to denial of service or arbitrary code execution. Exploitation requires the anonymous user account to be enabled.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/freeftpd_pass.rb	Exploit
https://www.exploit-db.com/exploits/27747	Exploit
https://www.vulncheck.com/advisories/freeftpd-pass-command-stack-based-buffer-overflow	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:freeftpd:freeftpd:*:*:*:*:*:*:*:*

History

26 Nov 2025, 14:30

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de desbordamiento de búfer en la pila en freeFTPd versión 1.0.10 y anteriores, relacionada con el manejo del comando FTP PASS. Cuando un atacante envía una cadena de contraseña especialmente manipulada, la aplicación no valida la longitud de la entrada, lo que provoca una corrupción de memoria. Esto puede provocar una denegación de servicio o la ejecución de código arbitrario. Para explotarla, es necesario habilitar la cuenta de usuario anónima.
First Time		Freeftpd Freeftpd freeftpd
CPE		cpe:2.3:a:freeftpd:freeftpd::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
References	~~() https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/freeftpd_pass.rb -~~	() https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/freeftpd_pass.rb - Exploit
References	~~() https://www.exploit-db.com/exploits/27747 -~~	() https://www.exploit-db.com/exploits/27747 - Exploit
References	~~() https://www.vulncheck.com/advisories/freeftpd-pass-command-stack-based-buffer-overflow -~~	() https://www.vulncheck.com/advisories/freeftpd-pass-command-stack-based-buffer-overflow - Third Party Advisory

31 Jul 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-31 15:15

Updated : 2025-11-26 14:30

NVD link : CVE-2013-10042

Mitre link : CVE-2013-10042

CVE.ORG link : CVE-2013-10042

JSON object : View

Products Affected

freeftpd

freeftpd

CWE

CWE-121

Stack-based Buffer Overflow

9.8 /10