CVE-2014-4643

Name of the Vulnerable Software and Affected Versions Core FTP LE version 2.2 build 1798

Description The issue is related to multiple heap-based buffer overflows in the client. This can be triggered by remote FTP servers sending a long string in response to certain commands, potentially causing a denial of service or allowing the execution of arbitrary code. The commands that can trigger this issue include USER, PASS, PASV, SYST, PWD, and CDUP.

Recommendations For Core FTP LE version 2.2 build 1798, consider avoiding the use of the affected commands until a patch is available. As a temporary workaround, restrict access to the FTP client to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.