Suggested description
Core FTP LE version 2.2 Build 1921 is prone to a buffer overflow vulnerability that may result in a DoS or remote code execution via a PASV response.
Vulnerability Type
Buffer Overflow
Vendor of Product
Core FTP
Affected Product Code Base
Core FTP LE - 2.2 Build 1921
Affected Component
Affected FTP command (response): PASV and possibly others.
Attack Type
Remote
Impact Code execution
true
Impact Denial of Service
true
Attack Vectors
In order to exploit this vulnerability, an attacker has to host a malicious FTP server.
Discoverer
Berk Cem Göksel
Reference
Reference: https://gist.github.com/berkgoksel/a654c8cb661c7a27a3f763dee92016aa
PoC: https://gist.github.com/berkgoksel/e97b3f3b15e2f8293f649d4ebe6a6fc9
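Added example, not taken from the advisory, the PoC or Core FTP's code: a client-side parser that treats the server's PASV reply as untrusted input, using the RFC 959 form `227 <text> (h1,h2,h3,h4,p1,p2)`. The advisory does not describe the faulty code path, so this only illustrates the mitigation class (explicit length limit, bounded numeric fields, no copy of the reply text into a fixed-size buffer). The names `parse_pasv_reply`, `read_octet` and the 128-byte `PASV_MAX_LINE` cap are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PASV_MAX_LINE 128 /* assumed cap; a valid 227 reply is far shorter */

/* Read one decimal field (1-3 digits, value 0..255) and advance *p. */
static int read_octet(const char **p, const char *end, uint8_t *out)
{
    unsigned v = 0, digits = 0;
    while (*p < end && **p >= '0' && **p <= '9') {
        if (++digits > 3) return -1;          /* reject long digit runs */
        v = v * 10 + (unsigned)(**p - '0');
        (*p)++;
    }
    if (digits == 0 || v > 255) return -1;
    *out = (uint8_t)v;
    return 0;
}

/* Parse a 227 reply from a server-controlled buffer of explicit length.
 * Returns 0 on success, -1 on malformed or oversized input. */
int parse_pasv_reply(const char *line, size_t len, uint8_t ip[4], uint16_t *port)
{
    uint8_t f[6];
    const char *p, *end;
    if (line == NULL || len < 4 || len > PASV_MAX_LINE) return -1;
    if (memcmp(line, "227 ", 4) != 0) return -1;
    end = line + len;
    if ((p = memchr(line + 4, '(', len - 4)) == NULL) return -1;
    p++;
    for (int i = 0; i < 6; i++) {
        if (read_octet(&p, end, &f[i]) != 0) return -1;
        if (i < 5 && (p >= end || *p++ != ',')) return -1;
    }
    if (p >= end || *p != ')') return -1;     /* tuple must be closed */
    memcpy(ip, f, 4);
    *port = (uint16_t)((f[4] << 8) | f[5]);
    return 0;
}

int main(void)
{
    const char reply[] = "227 Entering Passive Mode (192,0,2,10,19,137)"; /* constructed */
    uint8_t ip[4];
    uint16_t port;
    if (parse_pasv_reply(reply, strlen(reply), ip, &port) != 0) return 1;
    printf("%d.%d.%d.%d:%d\n", ip[0], ip[1], ip[2], ip[3], port);
    return 0;
}
```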