CVE-2012-10023
Published 2025-08-05

Priority: P2 (69) · CVSS 3.1 base score: 9.8 Critical · Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: available · EPSS: 1.67% (73.9th percentile)
A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. The server fails to properly validate input passed to the USER command, allowing remote attackers to overwrite memory and potentially execute arbitrary code. The flaw is triggered by sending an overly long username string, which overflows the buffer allocated for user authentication.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| freefloat | freefloat_ftp_server | — | — |
| freefloat | ftp_server | — | — |
Detection & IOCs (extracted from sources)
- Exploit is triggered via an overly long string sent to the FTP USER command, causing a stack-based buffer overflow in FreeFloat FTP Server 1.0.0
- Monitor FTP USER command payloads for abnormally long username strings targeting FreeFloat FTP Server
- A Metasploit module exists for this vulnerability; look for exploit framework signatures in network traffic targeting the FTP USER command on FreeFloat FTP Server
- Vulnerability is specific to FreeFloat FTP Server version 1.0.0 only; other versions are not confirmed affected
- The overflow occurs in the USER command handler; the server fails to validate input length before writing to a fixed-size stack buffer
CVSS provenance
- NVD, CVSS v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- NVD, CVSS v4.0: 6.9 MEDIUM, CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
No detection rules found.
No writeups or analysis indexed.
References
- https://my.saintcorporation.com/cgi-bin/exploit_info/freefloat_ftp_server_user_cmd
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/freefloatftp_user.rb
- https://web.archive.org/web/20101208040029/http://secunia.com/advisories/42465/
- https://web.archive.org/web/20101213050627/http://www.freefloat.com/sv/about-/about-.php
- https://www.exploit-db.com/exploits/15689
- https://www.exploit-db.com/exploits/23243
- https://www.vulncheck.com/advisories/freefloat-ftp-server-user-command-buffer-overflow