CVE-2012-10023

high-risk
Published 2025-08-05

A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. The server fails to properly validate input passed to the USER command, allowing remote attackers to overwrite memory and potentially execute arbitrary code. The flaw is triggered by sending an overly long username string, which overflows the buffer allocated for user authentication.

Do I need to act?

!
70.6% chance of exploitation in next 30 days
EPSS score — higher than 29% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Freefloat

References (8)

Third Party Advisory https://my.saintcorporation.com/cgi-bin/exploit_info/freefloat_ftp_server_user_c...
Exploit https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exp...
Third Party Advisory https://web.archive.org/web/20101208040029/http://secunia.com/advisories/42465/
Product https://web.archive.org/web/20101213050627/http://www.freefloat.com/sv/about-/ab...
Exploit https://www.exploit-db.com/exploits/15689
Exploit https://www.exploit-db.com/exploits/23243
Third Party Advisory https://www.vulncheck.com/advisories/freefloat-ftp-server-user-command-buffer-ov...
Exploit https://www.exploit-db.com/exploits/23243
56
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 19/34 · Moderate
Exposure 5/34 · Minimal