CVE-2019-25614

Name of the Vulnerable Software and Affected Versions Free Float FTP version 1.0

Description The software contains a buffer overflow in the handler for the STOR command. Remote attackers can execute arbitrary code by sending a specially crafted STOR request with an oversized payload. Attackers can authenticate using anonymous credentials to send a malicious STOR command containing 247 bytes of padding, a return address, and shellcode, triggering code execution on the FTP server. The vulnerable component is the STOR command handler.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.