CVE-2010-20115
BaseFortify
Publication date: 2025-08-21
Last updated on: 2025-08-22
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| arcanesoft | vermillion_ftp_daemon | 1.31 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
| CWE-704 | The product does not correctly convert an object, resource, or structure from one type to a different type. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Arcane Software's Vermillion FTP Daemon (vftpd) versions up to and including 1.31. It is a memory corruption flaw triggered by a malformed FTP PORT command. Specifically, an out-of-bounds array access during input parsing allows an attacker to manipulate stack memory and potentially execute arbitrary code. Exploitation requires direct access to the FTP service and is limited to a single execution attempt if the daemon is installed as a Windows service.
How can this vulnerability impact me?
This vulnerability can allow an attacker with direct access to the FTP service to execute arbitrary code on the affected system. This could lead to unauthorized control over the system, potentially compromising data, disrupting services, or enabling further attacks. The impact is severe: the CVSS score of 9.3 is high and indicates critical risk.