Cyber Resilience

CVE-2024-57392

Severity: High

Published: 06 February 2025
Modified: 15 April 2026
CVSS v3.1 base score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS score: 0.0461 (89.5th percentile)
Risk priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-57392 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 10.5% of CVEs by exploit likelihood (EPSS), but it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-57392 is a buffer overflow vulnerability, tracked under CWE-120, that affects ProFTPD at commit 4017eff8. The flaw resides in the FTP service and is triggered by network input processed on the service port. Its CVSS 3.1 base score of 7.5 reflects a network attack vector, low attack complexity, and no required privileges or user interaction; note that the vector string scores only availability impact (C:N/I:N/A:H), so the score itself reflects the denial-of-service outcome rather than code execution.

A remote attacker can send a maliciously crafted message to the ProFTPD listening port to trigger the overflow. Successful exploitation may permit arbitrary code execution or a denial-of-service condition that disrupts the FTP service.

A Debian LTS security announcement published in March 2025 addresses the issue for affected distributions, while a public repository demonstrates the reproduction steps. The associated EPSS score rose from lower values to a peak of 0.0618 on 2026-03-17 before receding to the current 0.0461, indicating a temporary increase in observed exploitation interest after disclosure.


Vulnerability details

Buffer Overflow vulnerability in ProFTPD commit 4017eff8 allows a remote attacker to execute arbitrary code and can cause a Denial of Service (DoS) on the FTP service by sending a maliciously crafted message to the ProFTPD service port.

CWE(s)

CWE-120 Classic Buffer Overflow

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in public-facing ProFTPD FTP service directly enables remote exploitation for code execution or DoS via crafted network messages (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2021-47854 (shared CWE-120)
CVE-2024-39803 (shared CWE-120)
CVE-2024-37184 (shared CWE-120)
CVE-2025-66647 (shared CWE-120)
CVE-2024-39750 (shared CWE-120)
CVE-2025-52909 (shared CWE-120)
CVE-2025-50398 (shared CWE-120)
CVE-2025-25674 (shared CWE-120)
CVE-2022-50922 (shared CWE-120)
CVE-2024-57471 (shared CWE-120)


Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)
Flaw remediation directly mitigates the buffer overflow by updating ProFTPD past the vulnerable commit 4017eff8, for example via the Debian LTS security announcement referenced above on affected Debian releases.

SI-16 Memory Protection (prevent)
Memory protection safeguards such as ASLR and stack canaries make reliable arbitrary code execution from the overflow substantially harder; they do not prevent the crash itself, so the denial-of-service outcome remains until the fix is applied.

SI-10 Information Input Validation (prevent)
Information input validation checks incoming FTP messages for validity, including length bounds, before they are processed, reducing the risk of buffer overflows from maliciously crafted inputs.
