CVE-2013-10042

UNKNOWN 0.0

freeFTPd <= 1.0.10 PASS Command Stack-Based Buffer Overflow

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP PASS command. When an attacker sends a specially crafted password string, the application fails to validate input length, resulting in memory corruption. This can lead to denial of service or arbitrary code execution. Exploitation requires the anonymous user account to be enabled.

CWE	CWE-121
Vendor	freeftpd
Product	freeftpd
Published	Jul 31, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for freeftpd freeftpd

Be the first to know when new unknown vulnerabilities affecting freeftpd freeftpd are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

freeFTPd / freeFTPd

* ≤ 1.0.10

References

NVD ↗ CVE.org ↗ EPSS Data ↗

raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/freeftpd_pass.rb exploit-db.com: https://www.exploit-db.com/exploits/27747 vulncheck.com: https://www.vulncheck.com/advisories/freeftpd-pass-command-stack-based-buffer-overflow

Credits

Wireghoul