CVE-2013-10042

A stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP PASS command. When an attacker sends a specially crafted password string, the application fails to validate input length, resulting in memory corruption. This can lead to denial of service or arbitrary code execution. Exploitation requires the anonymous user account to be enabled.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/freeftpd_pass.rb	Exploit
https://www.exploit-db.com/exploits/27747	Exploit
https://www.vulncheck.com/advisories/freeftpd-pass-command-stack-based-buffer-overflow	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:freeftpd:freeftpd:*:*:*:*:*:*:*:*

History

26 Nov 2025, 14:30

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
CPE		cpe:2.3:a:freeftpd:freeftpd::::::::
First Time		Freeftpd freeftpd Freeftpd
References	~~() https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/freeftpd_pass.rb -~~	() https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/freeftpd_pass.rb - Exploit
References	~~() https://www.exploit-db.com/exploits/27747 -~~	() https://www.exploit-db.com/exploits/27747 - Exploit
References	~~() https://www.vulncheck.com/advisories/freeftpd-pass-command-stack-based-buffer-overflow -~~	() https://www.vulncheck.com/advisories/freeftpd-pass-command-stack-based-buffer-overflow - Third Party Advisory

Information

Published : 2025-07-31 15:15

Updated : 2025-11-26 14:30

NVD link : CVE-2013-10042

Mitre link : CVE-2013-10042

CVE.ORG link : CVE-2013-10042

JSON object : View

Products Affected

freeftpd

freeftpd

CWE

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2013-10042", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-31T15:15:34.167", "references": [{"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/freeftpd_pass.rb", "tags": ["Exploit"], "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/27747", "tags": ["Exploit"], "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/freeftpd-pass-command-stack-based-buffer-overflow", "tags": ["Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP PASS command. When an attacker sends a specially crafted password string, the application fails to validate input length, resulting in memory corruption. This can lead to denial of service or arbitrary code execution. Exploitation requires the anonymous user account to be enabled."}, {"lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la pila en freeFTPd versi\u00f3n 1.0.10 y anteriores, relacionada con el manejo del comando FTP PASS. Cuando un atacante env\u00eda una cadena de contrase\u00f1a especialmente manipulada, la aplicaci\u00f3n no valida la longitud de la entrada, lo que provoca una corrupci\u00f3n de memoria. Esto puede provocar una denegaci\u00f3n de servicio o la ejecuci\u00f3n de c\u00f3digo arbitrario. Para explotarla, es necesario habilitar la cuenta de usuario an\u00f3nima."}], "lastModified": "2025-11-26T14:30:13.677", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:freeftpd:freeftpd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6860F5E3-C041-44F8-AE21-8D1CAF31EA8B", "versionEndIncluding": "1.0.10"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}