Unrated severityNVD Advisory· Published Aug 5, 2025· Updated Apr 7, 2026

FreeFloat FTP Server USER Command Buffer Overflow

CVE-2012-10023

Description

A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. The server fails to properly validate input passed to the USER command, allowing remote attackers to overwrite memory and potentially execute arbitrary code. The flaw is triggered by sending an overly long username string, which overflows the buffer allocated for user authentication.

Affected products

Freefloat/Freefloat Ftp Serverllm-fuzzy
Range: =1.0.0
FreeFloat/FTP Serverv5
Range: *

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/freefloatftp_user.rbmitreexploit
web.archive.org/web/20101208040029/http://secunia.com/advisories/42465/mitretechnical-descriptionexploit
www.exploit-db.com/exploits/15689mitreexploit
www.exploit-db.com/exploits/23243mitreexploit
my.saintcorporation.com/cgi-bin/exploit_info/freefloat_ftp_server_user_cmdmitrethird-party-advisory
www.vulncheck.com/advisories/freefloat-ftp-server-user-command-buffer-overflowmitrethird-party-advisory
web.archive.org/web/20101213050627/http://www.freefloat.com/sv/about-/about-.phpmitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.056
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000