CVE-2010-20113
BaseFortify
Publication date: 2025-08-21
Last updated on: 2025-09-10
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| easyftp_server_project | easyftp_server | to 1.7.0.12 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stack-based buffer overflow in EasyFTP Server 1.7.0.11 and earlier. It occurs in the HTTP interface when processing a GET request to list.html. The server does not properly validate the length of the path parameter, so supplying an excessively long value causes a buffer overflow on the stack, which can corrupt control flow structures. This vulnerability can be exploited without authentication due to default anonymous access.
How can this vulnerability impact me? :
Exploiting this vulnerability can allow an attacker to corrupt control flow structures on the server, potentially leading to arbitrary code execution or denial of service. Since it does not require authentication, an attacker can exploit it remotely via the embedded web server, posing a high security risk.
What immediate steps should I take to mitigate this vulnerability?
Upgrade EasyFTP Server to version 1.7.0.12 or later, where the vulnerability has been fixed and the product renamed to UplusFtp. Until then, restrict or disable access to the embedded HTTP interface, especially the GET request to list.html, to prevent exploitation. Additionally, consider limiting anonymous access or applying network-level controls to block malicious requests targeting this vulnerability.