CVE-2010-20108

FTPPad <= 1.2.0 contains a stack-based buffer overflow vulnerability in its FTP directory listing parser. When the client connects to an FTP server and receives a crafted response to a LIST command containing an excessively long directory and filename, the application fails to properly validate input length. This results in a buffer overflow that overwrites the saved Extended Instruction Pointer (EIP), allowing remote attackers to execute arbitrary code.

CVSS

No CVSS.

References

Link	Resource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/ftppad_list_reply.rb
https://web.archive.org/web/20111016194057/https://www.corelan.be/index.php/2010/10/12/death-of-an-ftp-client/
https://www.chip.de/downloads/FTPPad_12993921.html
https://www.exploit-db.com/exploits/16726
https://www.vulncheck.com/advisories/ftppad-stack-buffer-overflow
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/ftppad_list_reply.rb
https://www.exploit-db.com/exploits/16726

Configurations

No configuration.

History

No history.

Information

Published : 2025-08-21 21:15

Updated : 2025-08-22 18:08

NVD link : CVE-2010-20108

Mitre link : CVE-2010-20108

CVE.ORG link : CVE-2010-20108

JSON object : View

Products Affected

No product.

CWE

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2010-20108", "cveTags": [{"tags": ["unsupported-when-assigned"], "sourceIdentifier": "disclosure@vulncheck.com"}], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.4, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-21T21:15:33.780", "references": [{"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/ftppad_list_reply.rb", "source": "disclosure@vulncheck.com"}, {"url": "https://web.archive.org/web/20111016194057/https://www.corelan.be/index.php/2010/10/12/death-of-an-ftp-client/", "source": "disclosure@vulncheck.com"}, {"url": "https://www.chip.de/downloads/FTPPad_12993921.html", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/16726", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/ftppad-stack-buffer-overflow", "source": "disclosure@vulncheck.com"}, {"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/ftppad_list_reply.rb", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}, {"url": "https://www.exploit-db.com/exploits/16726", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "FTPPad <= 1.2.0 contains a stack-based buffer overflow vulnerability in its FTP directory listing parser. When the client connects to an FTP server and receives a crafted response to a LIST command containing an excessively long directory and filename, the application fails to properly validate input length. This results in a buffer overflow that overwrites the saved Extended Instruction Pointer (EIP), allowing remote attackers to execute arbitrary code."}, {"lang": "es", "value": "FTPPad <= 1.2.0 contiene una vulnerabilidad de desbordamiento de b\u00fafer basada en pila en su analizador de listados de directorios FTP. Cuando el cliente se conecta a un servidor FTP y recibe una respuesta manipulada a un comando LIST que contiene un directorio y un nombre de archivo excesivamente largos, la aplicaci\u00f3n no valida correctamente la longitud de la entrada. Esto provoca un desbordamiento de b\u00fafer que sobrescribe el puntero de instrucci\u00f3n extendida (EIP) guardado, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario."}], "lastModified": "2025-08-22T18:08:51.663", "sourceIdentifier": "disclosure@vulncheck.com"}