CVE-2010-20122

Exploit

EPSS 59.03%
Veröffentlicht 21.08.2025 20:16:17
Zuletzt bearbeitet 22.08.2025 18:08:51
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

Xftp FTP Client version up to and including 3.0 (build 0238) contain a stack-based buffer overflow vulnerability triggered by a maliciously crafted PWD response from an FTP server. When the client connects to a server and receives an overly long directory string in response to the PWD command, the client fails to properly validate the length of the input before copying it into a fixed-size buffer. This results in memory corruption and allows remote attackers to execute arbitrary code on the client system.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerNetSarang Computer, Inc.

≫

Produkt Xftp FTP Client

Default Statusunknown

Version <= 3.0 (build 0238)

Version *

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	59.03%	0.981

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosure@vulncheck.com	9.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/xftp_client_pwd.rb

https://www.exploit-db.com/exploits/12332

https://www.exploit-db.com/exploits/16739

https://web.archive.org/web/20090312072219/http://www.netsarang.com/download/down_xft3.html

https://www.vulncheck.com/advisories/xftp-ftp-client-pwd-response-buffer-overflow

https://nvd.nist.gov/vuln/detail/CVE-2010-20122

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-20122

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-20122

EUVD