curl: FTP entrypath accepts 0xFF (Telnet IAC) through incomplete ISCNTRL filter, sent on wire via CWD on connection reuse

Summary A malicious FTP server can embed byte 0xFF Telnet IAC in the PWD response path. The ISCNTRL filter at lib/ftp.c:3095 expands to ISLOWCNTRLx || IS7Fx, which is unsigned charx entrypath line 3131 and sent verbatim via CWD %s on connection reuse line 849. I understand the KNOWNRISK.md and...

CVE-1999-0082

CWD root command in ftpd allows root access...

CVE-1999-0671

Buffer overflow in ToxSoft NextFTP client through CWD command...

EUVD-2008-5408

Malware in sbrugna...

EUVD-2001-1174

Malware in sbrugna...

EUVD-1999-0362

Malware in sbrugna...

EUVD-1999-0201

Malware in sbrugna...

EUVD-2001-0296

Malware in sbrugna...

EUVD-2007-1077

Malware in sbrugna...

EUVD-2001-0766

Malware in sbrugna...

EUVD-2020-6306

Malware in sbrugna...

EUVD-1999-0653

Malware in sbrugna...

EUVD-2005-0313

Malware in sbrugna...

EUVD-2009-2822

Malware in sbrugna...

EUVD-2005-0959

Malware in sbrugna...

EUVD-2000-1179

Malware in sbrugna...

EUVD-2021-28649

Malicious code in bioql PyPI...

CVE-2025-5665

A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. Affected is an unknown function of the component XCWD Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public a...

CVE-2002-2232

Buffer overflow in Enceladus Server Suite 3.9 allows remote attackers to execute arbitrary code via a long CD CWD command...

CVE-1999-0219

Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to cause a denial of service crash via a long 1 CWD or 2 LS list command...