
Description

Solar FTP Server fails to properly handle format strings passed to the USER command. When a specially crafted string containing format specifiers is sent, the server crashes due to a read access violation in the __output_1() function of sfsservice.exe. This results in a denial of service (DoS) condition.

Status: PUBLISHED | Reserved 2025-08-19 | Published 2025-08-20 | Updated 2025-08-20 | Assigner: VulnCheck

Severity: HIGH 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)

Problem types

CWE-134 Use of Externally-Controlled Format String

Product status

Default status: unaffected

Version *: affected

Credits

x000 (finder)

C4SS!0 G0M3S (finder)

References

raw.githubusercontent.com/...os/windows/ftp/solarftp_user.rb (exploit)

www.exploit-db.com/exploits/16204 (exploit)

web.archive.org/web/20111102141514/https://solarftp.com/ (product)

web.archive.org/...com/blog/news/solar-ftp-server-2-1-2.html (vendor-advisory, patch)

www.vulncheck.com/...ies/solar-ftp-server-malformed-user-dos (third-party-advisory)

cve.org (CVE-2011-10029)

nvd.nist.gov (CVE-2011-10029)
