What is CVE-2011-3976?

CVE-2011-3976 is a vulnerability in Ammsoft Scriptftp, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2011-10-04.

Is CVE-2011-3976 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Ammsoft Scriptftp

CVE-2011-3976

Stack-based buffer overflow in AmmSoft ScriptFTP 3.3 allows remote FTP servers to execute arbitrary code via a long filename in a response to a LIST command, as demonstrated using (1) GETLIST or (2) GETFILE in a ScriptFTP script.

Vulnerability class: Buffer Overflow

EPSS: 0.663 (98.5th percentile) — read the EPSS interpretation.

Affected products

Ammsoft Scriptftp — versions 3.3
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

rapid7/metasploit-framework

References

VU#440219 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)
scriptftp-getlist-bo(69962) (vdb-entry, x_refsource_XF)
17876 (Exploit, exploit, x_refsource_EXPLOIT-DB)
cve@mitre.org (URL Repurposed, Exploit, x_refsource_MISC)
46099 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
49707 (Exploit, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2011-3976?: CVE-2011-3976 is a vulnerability in Ammsoft Scriptftp, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2011-10-04.
Is CVE-2011-3976 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.