CVE-2010-20049

Exploit

EPSS 50.13%
Veröffentlicht 20.08.2025 15:36:11
Zuletzt bearbeitet 22.08.2025 18:09:17
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

LeapFTP < 3.1.x contains a stack-based buffer overflow vulnerability in its FTP client parser. When the client receives a directory listing containing a filename longer than 528 bytes, the application fails to properly bound-check the input and overwrites the Structured Exception Handler (SEH) chain. This allows an attacker operating a malicious FTP server to execute arbitrary code on the victim’s machine when the file is listed or downloaded.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLeapWare

≫

Produkt LeapFTP

Default Statusunaffected

Version < 3.1.x

Version *

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	50.13%	0.977

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosure@vulncheck.com	9.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

https://web.archive.org/web/20111016194057/https://www.corelan.be/index.php/2010/10/12/death-of-an-ftp-client/

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/leapftp_list_reply.rb

https://www.exploit-db.com/exploits/16704

https://web.archive.org/web/20111013232627/http://www.leapware.com/

https://www.vulncheck.com/advisories/leapftp-stack-buffer-overflow

https://nvd.nist.gov/vuln/detail/CVE-2010-20049

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-20049

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-20049

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2010-20049