What is CVE-2011-5164?

CVE-2011-5164 is a vulnerability in Vandyke Absoluteftp, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2012-09-15.

Is CVE-2011-5164 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Vandyke Absoluteftp

CVE-2011-5164

Stack-based buffer overflow in VanDyke Software AbsoluteFTP 1.9.6 through 2.2.10 allows remote FTP servers to execute arbitrary code via a crafted file name in a LIST command response.

Vulnerability class: Buffer Overflow

EPSS: 0.555 (98.1th percentile) — read the EPSS interpretation.

Affected products

Vandyke Absoluteftp — versions 1.9.6, 2.0.3, 2.0.4
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

rapid7/metasploit-framework

References

18102 (Exploit, exploit, x_refsource_EXPLOIT-DB)
46781 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
cve@mitre.org (x_refsource_MISC)
77105 (x_refsource_OSVDB, vdb-entry)
50614 (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2011-5164?: CVE-2011-5164 is a vulnerability in Vandyke Absoluteftp, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2012-09-15.
Is CVE-2011-5164 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.