Create a gist now

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Core FTP LE version 2.2 Build 1921 is prone to a buffer overflow vulnerability that may result in a DoS or remote code execution

Suggested description

Core FTP LE version 2.2 Build 1921 is prone to a buffer overflow vulnerability that may result in a DoS or remote code execution via a PASV response.


Vulnerability Type

Buffer Overflow


Vendor of Product

Core FTP


Affected Product Code Base

Core FTP LE - 2.2 Build 1921


Affected Component

Affected FTP command(response): PASV and possibly others.


Attack Type

Remote


Impact Code execution

true


Impact Denial of Service

true


Attack Vectors

In order to exploit this vulnerability an attacker has to host a malicious ftp server


Discoverer

Berk Cem Göksel


Reference

Reference: https://gist.github.com/berkgoksel/a654c8cb661c7a27a3f763dee92016aa

PoC: https://gist.github.com/berkgoksel/e97b3f3b15e2f8293f649d4ebe6a6fc9

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment