CVE-2011-10029
Solar FTP Server <= 2.1.1 Malformed USER Denial of Service
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Solar FTP Server fails to properly handle format strings passed to the USER command. When a specially crafted string containing format specifiers is sent, the server crashes due to a read access violation in the __output_1() function of sfsservice.exe. This results in a denial of service (DoS) condition.
| CWE | CWE-134 |
| Vendor | flexbyte software |
| Product | solar ftp server |
| Published | Aug 20, 2025 |
| Last Updated | Apr 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for flexbyte software solar ftp server
Be the first to know when new unknown vulnerabilities affecting flexbyte software solar ftp server are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Flexbyte Software / Solar FTP Server
* โค 2.1.1
References
raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/dos/windows/ftp/solarftp_user.rb exploit-db.com: https://www.exploit-db.com/exploits/16204 web.archive.org: https://web.archive.org/web/20111102141514/https://solarftp.com/ web.archive.org: https://web.archive.org/web/20111009122553/http://solarftp.com/blog/news/solar-ftp-server-2-1-2.html vulncheck.com: https://www.vulncheck.com/advisories/solar-ftp-server-malformed-user-dos
Credits
x000 C4SS!0 G0M3S