CVE-2008-4572

critical

Description

GuildFTPd 0.999.14, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the CWD and LIST commands, which triggers heap corruption related to an improper free call, and possibly triggering a heap-based buffer overflow.

References

https://www.exploit-db.com/exploits/6738

https://exchange.xforce.ibmcloud.com/vulnerabilities/45818

http://www.vupen.com/english/advisories/2008/2794

http://www.securityfocus.com/bid/31729

http://securityreason.com/securityalert/4422

http://secunia.com/advisories/32218

Details

Source: Mitre, NVD

Published: 2008-10-15

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.60692