Chintan Trivedi

**Name of the Vulnerable Software and Affected Versions** Mollensoft Lightweight FTP Server version 3.6 **Description** The issue is a buffer overflow that can be triggered by remote authenticated users, potentially leading to a denial of service (crash) and possibly the execution of arbitrary code. This can be achieved by sending a long CWD command, for example, by using the "cd" command in an interactive FTP client. **Recommendations** For Mollensoft Lightweight FTP Server version 3.6, consider restricting access to the CWD command as a temporary workaround until a patch is available. Avoid using long commands in the FTP client to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.