Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-2523

Description

Format string vulnerability in the msg command (cat_message function in msg.c) in OpenFTPD 0.30.2 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in the message argument.

Affected products

Openftpd/Openftpd Ftp Server4 versions
cpe:2.3:a:openftpd:openftpd_ftp_server:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:openftpd:openftpd_ftp_server:*:*:*:*:*:*:*:*range: <=0.30.2
- cpe:2.3:a:openftpd:openftpd_ftp_server:0.29.4:*:*:*:*:*:*:*
- cpe:2.3:a:openftpd:openftpd_ftp_server:0.30:*:*:*:*:*:*:*
- cpe:2.3:a:openftpd:openftpd_ftp_server:0.30.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

archives.neohapsis.com/archives/bugtraq/2004-07/0350.htmlnvdPatch
secunia.com/advisories/12174nvdPatchVendor Advisory
archives.neohapsis.com/archives/bugtraq/2004-08/0017.htmlnvdExploit
securitytracker.com/idnvdExploitPatch
www.securityfocus.com/bid/10830nvdExploitPatch
www.openftpd.org:9673/openftpdnvd
www.osvdb.org/8261nvd
exchange.xforce.ibmcloud.com/vulnerabilities/16843nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.022
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000