Unrated severityNVD Advisory· Published Dec 8, 2014· Updated May 6, 2026

CVE-2014-1693

Description

Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP commands via CRLF sequences in the (1) user, (2) account, (3) cd, (4) ls, (5) nlist, (6) rename, (7) delete, (8) mkdir, (9) rmdir, (10) recv, (11) recv_bin, (12) recv_chunk_start, (13) send, (14) send_bin, (15) send_chunk_start, (16) append_chunk_start, (17) append, or (18) append_bin command.

Affected products

Erlang/Erlang\/otp
cpe:2.3:a:erlang:erlang\/otp:r15b03:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/oss-sec/2014/q1/163nvdExploit
advisories.mageia.org/MGASA-2014-0553.htmlnvd
lists.fedoraproject.org/pipermail/package-announce/2014-December/145017.htmlnvd
www.mandriva.com/security/advisoriesnvd
bugzilla.redhat.com/show_bug.cginvd
usn.ubuntu.com/3571-1/nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000