CVE-2018-7573

An issue was discovered in FTPShell Client 6.7. A remote FTP server can send 400 characters of 'F' in conjunction with the FTP 220 response code to crash the application; after this overflow, one can run arbitrary code on the victim machine. This is similar to CVE-2009-3364 and CVE-2017-6465.
References
Link Resource
https://cxsecurity.com/issue/WLB-2018030011 Exploit Third Party Advisory
https://www.exploit-db.com/exploits/44596/ Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/44968/ Exploit Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:ftpshell:ftpshell_client:6.70:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-03-01 17:29

Updated : 2024-02-04 19:46


NVD link : CVE-2018-7573

Mitre link : CVE-2018-7573

CVE.ORG link : CVE-2018-7573


JSON object : View

Products Affected

ftpshell

  • ftpshell_client
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer