Description

Xlight FTP Server 3.9.3.6 contains a stack buffer overflow vulnerability in the 'Execute Program' configuration that allows attackers to crash the application. Attackers can trigger the vulnerability by inserting 294 characters into the program execution configuration, causing a denial of service condition.

PUBLISHED Reserved 2025-12-13 | Published 2025-12-15 | Updated 2025-12-15 | Assigner VulnCheck




MEDIUM: 5.7 | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

Stack-based Buffer Overflow

Product status

3.9.3.6
affected

Credits

Yehia Elghaly finder

References

www.exploit-db.com/exploits/51665 (ExploitDB-51665) exploit

www.xlightftpd.com/ (XLight FTP Server) product

www.vulncheck.com/...rflow-vulnerability-via-execute-program (VulnCheck Advisory: Xlight FTP Server 3.9.3.6 Stack Buffer Overflow Vulnerability via Execute Program) third-party-advisory

cve.org (CVE-2023-53886)

nvd.nist.gov (CVE-2023-53886)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.