Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
LeapFTP Stack-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A stack-based buffer overflow vulnerability has been identified in the LeapFTP FTP client, specifically in versions prior to 3.1.x. The issue arises in the FTP client parser, where the application fails to properly validate directory listing filenames longer than 528 bytes. This lack of input validation allows an attacker operating a malicious FTP server to overwrite the Structured Exception Handler (SEH) chain, potentially leading to arbitrary code execution on the victim's machine when the file is listed or downloaded.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the victim's machine.
Reproduction
The vulnerability can be reproduced by using a malicious FTP server to send a directory listing response that includes filenames longer than 528 bytes. When the LeapFTP client receives this response, the buffer overflow occurs, overwriting the SEH chain and allowing for arbitrary code execution.
Remediation
Users are advised to update to LeapFTP version 3.1.0 or later, which addresses this vulnerability.