fkie_nvd - fkie_cve-2013-4742

fkie_cve-2013-4742

Vulnerability from fkie_nvd

Published

2013-08-09 21:55

Modified

2025-04-11 00:51

Severity ?

Summary

Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string within the authentication request.

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/bugtraq/2013-07/0149.html
cve@mitre.org	http://osvdb.org/95582
cve@mitre.org	http://secunia.com/advisories/54188	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/61403
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/85922
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2013-07/0149.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/95582
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/54188	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/61403
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/85922

Impacted products

Vendor	Product	Version
netwin	surgeftp	*
netwin	surgeftp	2.0c
netwin	surgeftp	2.0d
netwin	surgeftp	2.0e
netwin	surgeftp	2.0f
netwin	surgeftp	2.2k1
netwin	surgeftp	2.2k3
netwin	surgeftp	2.2m1
netwin	surgeftp	2.3a1
netwin	surgeftp	2.3a2
netwin	surgeftp	2.3a6
netwin	surgeftp	2.3a7
netwin	surgeftp	2.3a8
netwin	surgeftp	2.3a9
netwin	surgeftp	2.3a10
netwin	surgeftp	2.3a12

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netwin:surgeftp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E76384B4-0180-42A5-BD06-B22FB3136E95",
              "versionEndIncluding": "2.3b1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgeftp:2.0c:*:*:*:*:*:*:*",
              "matchCriteriaId": "C38E3BA1-DD78-4CB8-A680-B7D99CAD84B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgeftp:2.0d:*:*:*:*:*:*:*",
              "matchCriteriaId": "283FCBC2-3C13-491C-A145-4177F7C37EA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgeftp:2.0e:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DE7C06B-1376-4095-A284-14F310D7AA5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgeftp:2.0f:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C2BB9D2-70AE-4684-B4E7-32610DD9DDC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgeftp:2.2k1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0192C7F5-18F3-4157-BA85-8B4D7076C8AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgeftp:2.2k3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB19CD1C-42AD-484E-BB72-FDE2A456E8E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgeftp:2.2m1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A86FD78-51C7-4834-9B48-255FCD9E927D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgeftp:2.3a1:*:*:*:*:*:*:*",
              "matchCriteriaId": "849A502A-DB29-4B16-A891-B0C478D6D560",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgeftp:2.3a2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ECEB4F1-48B7-495C-9FF6-ACEDD15B0D0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgeftp:2.3a6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D73F32DF-1209-4EC7-9C67-661039454DF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgeftp:2.3a7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D453D462-56F5-4E8C-A2B5-EADC8D518E12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgeftp:2.3a8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A250C0AB-BAB2-4719-923B-2D96B6A7F3DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgeftp:2.3a9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F6F9844-710C-40BC-9F6F-63D108AD31D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgeftp:2.3a10:*:*:*:*:*:*:*",
              "matchCriteriaId": "14534BD9-A84C-4150-827B-9B586E681FBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netwin:surgeftp:2.3a12:*:*:*:*:*:*:*",
              "matchCriteriaId": "06EE205A-33CE-4847-8350-CB5B7E4274BA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string within the authentication request."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en NetWin SurgeFTP anterior a v23d2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una cadena larga dentro de la solicitud de autenticaci\u00f3n."
    }
  ],
  "id": "CVE-2013-4742",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-08-09T21:55:07.193",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0149.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/95582"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/54188"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/61403"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85922"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0149.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/95582"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/54188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/61403"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85922"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2013-4742 (GCVE-0-2013-4742)

Vulnerability from cvelistv5

Published

2013-08-09 21:00