CVE-2013-3930

critical

Published 2014-04-04 · Modified 2026-05-06

CVSS v3

—

CVSS v2

9.3

VIR risk

9.3

Description

Stack-based buffer overflow in Core FTP before 2.2 build 1785 allows remote FTP servers to execute arbitrary code via a crafted directory name in a CWD command reply.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: PSIRT-CNA@flexerasoftware.com — http://www.coreftp.com/forums/viewtopic.php?t=222102

vendor Authored 2026-05-27

Vendor advisory: PSIRT-CNA@flexerasoftware.com — http://secunia.com/advisories/53743

Application impact

Vendor	Product	Versions	Fixed
coreftp	core_ftp	`{"endIncluding":"2.2"}`

References

http://osvdb.org/96314
http://secunia.com/advisories/53743
http://www.coreftp.com/forums/viewtopic.php?t=222102
http://www.securityfocus.com/bid/61786
http://osvdb.org/96314
http://secunia.com/advisories/53743
http://www.coreftp.com/forums/viewtopic.php?t=222102
http://www.securityfocus.com/bid/61786

CWEs

CWE-119

Verify integrity in audit chain (admin only). AS-IS.