Cyber Posture

CVE-2024-57392

Severity: High

Published: 06 February 2025

Modified: 15 April 2026
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0461 (89.3rd percentile)
Risk Priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

A buffer overflow vulnerability in ProFTPD at commit 4017eff8 allows a remote attacker to execute arbitrary code or cause a denial of service (DoS) on the FTP service by sending a maliciously crafted message to the ProFTPD service port.

Security Summary

CVE-2024-57392 is a buffer overflow vulnerability (CWE-120) present in Proftpd at commit 4017eff8. It affects the ProFTPD FTP service, where a remote attacker can send a maliciously crafted message to the service port, potentially leading to arbitrary code execution or a denial of service (DoS) condition.

The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H): it is reachable over the network with low attack complexity, requires neither privileges nor user interaction, and has a high impact on availability with no impact on confidentiality or integrity. Any unauthenticated remote attacker able to reach the exposed ProFTPD port can trigger the buffer overflow to crash the service (DoS) or, in some cases, execute arbitrary code.

Advisories and related resources include a Debian LTS announcement at https://lists.debian.org/debian-lts-announce/2025/03/msg00003.html, which likely details patches or mitigations for affected Debian systems, and a GitHub repository at https://github.com/Br1m4zz/protocol_vul_repoduce.git that provides reproduction materials for the vulnerability.

Details

CWE(s): CWE-120
