Unrated severityNVD Advisory· Published Jul 31, 2025· Updated Apr 7, 2026

freeFTPd <= 1.0.10 PASS Command Stack-Based Buffer Overflow

CVE-2013-10042

Description

A stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP PASS command. When an attacker sends a specially crafted password string, the application fails to validate input length, resulting in memory corruption. This can lead to denial of service or arbitrary code execution. Exploitation requires the anonymous user account to be enabled.

Affected products

Freeftpd/Freeftpdv5
Range: *

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/freeftpd_pass.rbmitreexploit
www.exploit-db.com/exploits/27747mitreexploit
www.vulncheck.com/advisories/freeftpd-pass-command-stack-based-buffer-overflowmitrethird-party-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.048
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000