CVE-2010-20122

Xftp FTP Client version up to and including 3.0 (build 0238) contain a stack-based buffer overflow vulnerability triggered by a maliciously crafted PWD response from an FTP server. When the client connects to a server and receives an overly long directory string in response to the PWD command, the client fails to properly validate the length of the input before copying it into a fixed-size buffer. This results in memory corruption and allows remote attackers to execute arbitrary code on the client system.

CVSS

No CVSS.

References

Link	Resource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/xftp_client_pwd.rb
https://web.archive.org/web/20090312072219/http://www.netsarang.com/download/down_xft3.html
https://www.exploit-db.com/exploits/12332
https://www.exploit-db.com/exploits/16739
https://www.vulncheck.com/advisories/xftp-ftp-client-pwd-response-buffer-overflow

Configurations

No configuration.

History

22 Aug 2025, 18:08

Type	Values Removed	Values Added
Summary		(es) Las versiones de Xftp FTP Client hasta la 3.0 (compilación 0238) contienen una vulnerabilidad de desbordamiento de búfer en la pila, desencadenada por una respuesta PWD maliciosa desde un servidor FTP. Cuando el cliente se conecta a un servidor y recibe una cadena de directorio excesivamente larga en respuesta al comando PWD, no valida correctamente la longitud de la entrada antes de copiarla en un búfer de tamaño fijo. Esto provoca corrupción de memoria y permite a atacantes remotos ejecutar código arbitrario en el sistema cliente.

21 Aug 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-21 21:15

Updated : 2025-08-22 18:08

NVD link : CVE-2010-20122

Mitre link : CVE-2010-20122

CVE.ORG link : CVE-2010-20122

JSON object : View

Products Affected

No product.

CWE

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2010-20122", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-21T21:15:34.680", "references": [{"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/xftp_client_pwd.rb", "source": "disclosure@vulncheck.com"}, {"url": "https://web.archive.org/web/20090312072219/http://www.netsarang.com/download/down_xft3.html", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/12332", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/16739", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/xftp-ftp-client-pwd-response-buffer-overflow", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "Xftp FTP Client version up to and including 3.0 (build 0238) contain a stack-based buffer overflow vulnerability triggered by a maliciously crafted PWD response from an FTP server. When the client connects to a server and receives an overly long directory string in response to the PWD command, the client fails to properly validate the length of the input before copying it into a fixed-size buffer. This results in memory corruption and allows remote attackers to execute arbitrary code on the client system."}, {"lang": "es", "value": "Las versiones de Xftp FTP Client hasta la 3.0 (compilaci\u00f3n 0238) contienen una vulnerabilidad de desbordamiento de b\u00fafer en la pila, desencadenada por una respuesta PWD maliciosa desde un servidor FTP. Cuando el cliente se conecta a un servidor y recibe una cadena de directorio excesivamente larga en respuesta al comando PWD, no valida correctamente la longitud de la entrada antes de copiarla en un b\u00fafer de tama\u00f1o fijo. Esto provoca corrupci\u00f3n de memoria y permite a atacantes remotos ejecutar c\u00f3digo arbitrario en el sistema cliente."}], "lastModified": "2025-08-22T18:08:51.663", "sourceIdentifier": "disclosure@vulncheck.com"}