Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0831

CWE-119Buffer Overflow6 documents4 sources
Severity
9.0CRITICAL
EPSS
40.9%
top 2.63%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Proftpd Project Proftpd
Timeline
PublishedNov 17
Latest updateApr 29

Description

ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages1 packages

NVDproftpd_project/proftpd9 versions+8

🔴Vulnerability Details

2
GHSA
GHSA-wmjc-5j86-p959: ProFTPD 12022-04-29
CVEList
CVE-2003-0831: ProFTPD 12003-09-25

💥Exploits & PoCs

3
Exploit-DB
ProFTPd 1.2.7 < 1.2.9rc2 - Remote Code Execution / Brute Force2003-10-13
Exploit-DB
ProFTPd 1.2.9 rc2 - '.ASCII' File Remote Code Execution (1)2003-10-04
Exploit-DB
ProFTPd 1.2.7/1.2.8 - '.ASCII' File Transfer Buffer Overrun2003-09-23