Xlight FTP Server Stack Buffer Overflow Vulnerability Leading to Denial-of-Service

Vulnerability

A stack buffer overflow vulnerability has been identified in Xlight FTP Server version 3.9.3.6. It resides in the 'Execute Program' configuration: an attacker with access to the program execution settings can insert a 294-character value into that field. The resulting overflow crashes the application, causing a denial-of-service condition.

Impact

Exploitation of this vulnerability causes the application to crash, leading to a denial-of-service condition.

Reproduction

To reproduce this vulnerability, download and install Xlight FTP Server 3.9.3.6. After installation, navigate to the 'Execute Program' configuration within the server settings. Insert 294 characters into the program execution field. The application will crash, demonstrating the buffer overflow vulnerability.
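As an added illustration (not Xlight's code, whose buffer size the page does not give), the unbounded-copy pattern that produces this class of crash, next to a bounded handler that rejects the over-length value before it reaches the stack; the 256-byte buffer, the `store_program_*` names and the sample path are assumptions:

```c
#include <stdio.h>
#include <string.h>
/* Assumed size for illustration only; the page gives no size for the real
 * Xlight buffer, only that a 294-character value is enough to crash it. */
#define PROGRAM_PATH_MAX 256

/* Unsafe pattern (illustrative, not Xlight's code): the configured value is
 * copied into a fixed stack buffer with no length check, so a longer value
 * overwrites the stack and the process crashes. Never called below. */
void store_program_unsafe(const char *value)
{
    char path[PROGRAM_PATH_MAX];
    strcpy(path, value);   /* overruns 'path' once strlen(value) >= 256 */
}

/* Hardened form: measure with a bound, reject anything that does not fit
 * together with its terminator, and copy exactly the measured bytes.
 * Returns 0 when the value was stored and -1 when it was rejected. */
int store_program_checked(const char *value, char *out, size_t out_len)
{
    if (value == NULL || out == NULL || out_len == 0)
        return -1;
    size_t n = 0;
    while (n < out_len && value[n] != '\0')   /* never scans past out_len */
        n++;
    if (n >= out_len)                         /* no room for the '\0' */
        return -1;
    memcpy(out, value, n);
    out[n] = '\0';
    return 0;
}

/* Builds a constructed value of the page's 294 characters and returns 1 if
 * the checked handler rejects it, 0 if it accepts it. */
int rejects_294_char_value(void)
{
    char value[295];
    memset(value, 'A', 294);
    value[294] = '\0';
    char stored[PROGRAM_PATH_MAX];
    return store_program_checked(value, stored, sizeof stored) != 0;
}

int main(void)
{
    char stored[PROGRAM_PATH_MAX];
    int ok = store_program_checked("C:\\tools\\notify.exe", stored, sizeof stored);
    printf("short value: %s\n", ok == 0 ? "accepted" : "rejected");
    printf("294-char value: %s\n", rejects_294_char_value() ? "rejected" : "accepted");
    return 0;
}
```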

Added: Dec 15, 2025, 9:44 PM
Updated: Dec 15, 2025, 10:22 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 2.5
exploitability: 6.8
remediation: 0.0
relevance: 1.5
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.