freeftpd CVE Vulnerabilities & Metrics

Focus on freeftpd vulnerabilities and metrics.

Last updated: 03 Dec 2025, 23:25 UTC

About freeftpd Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with freeftpd. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total freeftpd CVEs: 2
Earliest CVE date: 19 Nov 2005, 01:03 UTC
Latest CVE date: 31 Jul 2025, 15:15 UTC

Latest CVE reference: CVE-2013-10042

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical freeftpd CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 6.54

Max CVSS: 10.0

Critical CVEs (≥9): 1

CVSS Range vs. Count

Range	Count
0.0-3.9	1
4.0-6.9	2
7.0-8.9	3
9.0-10.0	1

CVSS Distribution Chart

Top 5 Highest CVSS freeftpd CVEs

These are the five CVEs with the highest CVSS scores for freeftpd, sorted by severity first and recency.

CVE-2012-6067 freeftpd Published on 04 Dec 2012, 23:55 UTC (CVSS: 10.0)
freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to bypass authentication via a crafted SFTP session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.
CVE-2006-2407 freeftpd Published on 16 May 2006, 10:02 UTC (CVSS: 7.5)
Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string.
CVE-2005-3683 freeftpd Published on 19 Nov 2005, 01:03 UTC (CVSS: 7.5)
Stack-based buffer overflow in freeFTPd before 1.0.9 with Logging enabled, allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a long USER command.
CVE-2005-3684 freeftpd Published on 19 Nov 2005, 01:03 UTC (CVSS: 7.5)
Multiple buffer overflows in freeFTPd 1.0.8, without logging enabled, allow remote authenticated attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via long (1) MKD and (2) DELE commands.
CVE-2005-3812 freeftpd Published on 26 Nov 2005, 02:03 UTC (CVSS: 6.8)
freeFTPd 1.0.10 allows remote authenticated users to cause a denial of service (null dereference and crash) via a PORT command with missing arguments.

All CVEs for freeftpd

CVE-2013-10042 freeftpd vulnerability CVSS: 0 31 Jul 2025, 15:15 UTC

A stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP PASS command. When an attacker sends a specially crafted password string, the application fails to validate input length, resulting in memory corruption. This can lead to denial of service or arbitrary code execution. Exploitation requires the anonymous user account to be enabled.

CVE-2019-19383 freeftpd vulnerability CVSS: 6.5 03 Dec 2019, 20:15 UTC

freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted SIZE command (this is exploitable even if logging is disabled).

CVE-2012-6067 freeftpd vulnerability CVSS: 10.0 04 Dec 2012, 23:55 UTC

freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to bypass authentication via a crafted SFTP session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.

CVE-2006-2407 freeftpd vulnerability CVSS: 7.5 16 May 2006, 10:02 UTC

Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string.

CVE-2005-3812 freeftpd vulnerability CVSS: 6.8 26 Nov 2005, 02:03 UTC

freeFTPd 1.0.10 allows remote authenticated users to cause a denial of service (null dereference and crash) via a PORT command with missing arguments.

CVE-2005-3683 freeftpd vulnerability CVSS: 7.5 19 Nov 2005, 01:03 UTC

Stack-based buffer overflow in freeFTPd before 1.0.9 with Logging enabled, allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a long USER command.

CVE-2005-3684 freeftpd vulnerability CVSS: 7.5 19 Nov 2005, 01:03 UTC

Multiple buffer overflows in freeFTPd 1.0.8, without logging enabled, allow remote authenticated attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via long (1) MKD and (2) DELE commands.