← Voltar para CVEs

CVE-2010-20113

CRITICAL

9.8

Descricao

EasyFTP Server 1.7.0.11 and earlier contains a stack-based buffer overflow vulnerability in its HTTP interface. When processing a GET request to list.html, the server fails to properly validate the length of the path parameter. Supplying an excessively long value causes a buffer overflow on the stack, potentially corrupting control flow structures. The vulnerability is exposed through the embedded web server and does not require authentication due to default anonymous access. The issue was resolved in version 1.7.0.12, after which the product was renamed to UplusFtp.

Detalhes CVE

Pontuacao CVSS v3.19.8

SeveridadeCRITICAL

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado8/21/2025

Ultima modificacao9/10/2025

Fontenvd

Avistamentos honeypot0

Produtos afetados

easyftp_server_project:easyftp_server

Fraquezas (CWE)

CWE-121

Referencias

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/easyftp_list.rb(disclosure@vulncheck.com)

https://www.exploit-db.com/exploits/11500(disclosure@vulncheck.com)

https://www.vulncheck.com/advisories/easyftp-server-list-html-stack-buffer-overflow(disclosure@vulncheck.com)

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/easyftp_list.rb(134c704f-9b21-4f2e-91b3-4a467353bcc0)

https://www.exploit-db.com/exploits/11500(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.