CVE-2006-6909

critical

Description

Stack-based buffer overflow in http.c in Karl Dahlke Edbrowse (aka Command line editor browser) 3.1.3 allows remote attackers to execute arbitrary code by operating an FTP server that sends directory listings with (1) long user names or (2) long group names.

References

http://www.securityfocus.com/bid/21832

http://sourceforge.net/tracker/index.php?func=detail&aid=1622117&group_id=141946&atid=751061

http://marc.info/?l=full-disclosure&m=116760539609173&w=2

Details

Source: Mitre, NVD

Published: 2006-12-31

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.04568