Buffer overflow in Netwin Surgeftp

CVE-2013-4742

Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string within the authentication request.

Vulnerability class: Buffer Overflow

EPSS: 0.037 (88.2th percentile) — read the EPSS interpretation.

Affected products

Netwin Surgeftp — versions 2.0c, 2.0d, 2.0e
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

54188 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
surgeftp-cve20134742-vfprint-bo(85922) (vdb-entry, x_refsource_XF)
95582 (x_refsource_OSVDB, vdb-entry)
61403 (vdb-entry, x_refsource_BID)
20130722 SurgeFtp Server BufferOverflow Vulnerability (mailing-list, x_refsource_BUGTRAQ)