Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability was found in FreeFloat FTP Server 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component REIN Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
AnalysisAI
Critical buffer overflow vulnerability in FreeFloat FTP Server 1.0's REIN Command Handler that allows unauthenticated remote attackers to cause information disclosure, integrity compromise, and denial of service. The vulnerability has been publicly disclosed with exploit code available, making it a high-priority threat for any organization running vulnerable FTP server instances.
Technical ContextAI
FreeFloat FTP Server 1.0 contains a buffer overflow vulnerability (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer) in the REIN (Reset) command handler component. The REIN command is a standard FTP protocol command used to restart file transfer sessions. The vulnerability stems from insufficient input validation or bounds checking when processing REIN command arguments, allowing an attacker to write data beyond allocated buffer boundaries. This is a classic memory corruption vulnerability that can lead to arbitrary code execution or information leakage. The affected product is identified through CPE strings related to FreeFloat FTP Server version 1.0.
RemediationAI
Immediate remediation steps: (1) Disable FTP Server 1.0 if not operationally critical, replacing with modern, actively-maintained alternatives (e.g., vsftpd, ProFTPD, or cloud-based file transfer solutions); (2) If retention is mandatory: implement network segmentation restricting FTP access to trusted IP ranges only via firewall rules; (3) Monitor FTP server logs for REIN command anomalies and connection attempts from unexpected sources; (4) Deploy intrusion detection/prevention systems (IDS/IPS) with signatures for buffer overflow attempts against FTP REIN commands; (5) Contact FreeFloat vendor for patch availability - if no patch exists for version 1.0, plan immediate migration to patched or alternative FTP server software; (6) Implement rate limiting on FTP command processing to mitigate automated exploitation attempts.
More in Freefloat Ftp Server
View allA stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. Rated medium severity (CVSS 6.
FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbit
Stack-based buffer overflow in FreeFloat FTP Server 1.0 allows remote authenticated users to execute arbitrary code via
Critical buffer overflow vulnerability in the NOOP Command Handler of FreeFloat FTP Server 1.0 that allows remote, unaut
A vulnerability was found in FreeFloat FTP Server 1.0 and classified as problematic. Rated high severity (CVSS 7.5), thi
Critical buffer overflow vulnerability in the XMKD Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticat
Critical buffer overflow vulnerability in the XCWD Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticat
Critical buffer overflow vulnerability in the RESTART Command Handler of FreeFloat FTP Server 1.0 that allows unauthenti
Critical buffer overflow vulnerability in FreeFloat FTP Server 1.0 affecting the REGET command handler, allowing unauthe
Critical buffer overflow vulnerability in the PROGRESS Command Handler of FreeFloat FTP Server 1.0 that allows unauthent
Critical buffer overflow vulnerability in the SET Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticate
Critical buffer overflow vulnerability in the HOST Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticat
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-17005