CVE-2020-37107
Unknown Unknown - Not Provided
Buffer Overflow in Core FTP LE 2.2 Causes Denial of Service

Publication date: 2026-02-07

Last updated on: 2026-02-07

Assigner: VulnCheck

Description
Core FTP LE 2.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the account field with a large buffer. Attackers can create a text file with 20,000 repeated characters and paste it into the account field to cause the application to become unresponsive and require reinstallation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-07
Last Modified
2026-02-07
Generated
2026-06-16
AI Q&A
2026-02-07
EPSS Evaluated
2026-06-15
NVD
CVE-2020-37107
EUVD
EUVD-2020-31101
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
core_ftp core_ftp_le to 2.2 (inc)
core_ftp core_ftp_le From 2.2 (inc)
core_ftp core_ftp *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2020-37107 is a denial of service vulnerability in Core FTP LE version 2.2 that occurs due to a buffer overflow condition. An attacker can exploit this by overwriting the account field with a very large input buffer, specifically by pasting a text file containing 20,000 repeated characters into the account field. This causes the application to crash and become unresponsive, requiring reinstallation to restore functionality.

The vulnerability is classified under CWE-120, which involves copying data without properly checking the size of the input, leading to a buffer overflow.

Impact Analysis

This vulnerability can impact users by causing the Core FTP LE application to crash and become unusable when the account field is overwritten with a large buffer. The application will not open again until it is uninstalled and reinstalled, resulting in a denial of service condition.

Since the attack requires local access and user interaction to paste the large input, it can disrupt normal operations and cause downtime for users relying on Core FTP LE for file transfers.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the denial of service condition on Core FTP LE 2.2 by using the exploit method described.'}, {'type': 'list_item', 'content': 'Open Core FTP LE 2.2.'}, {'type': 'list_item', 'content': 'Select "Connect" from the File menu.'}, {'type': 'list_item', 'content': 'Click "Advanced" in the Host/IP/URL field.'}, {'type': 'list_item', 'content': 'Run a Python script to generate a text file (e.g., "Dog.txt") containing 20,000 repeated characters.'}, {'type': 'list_item', 'content': 'Copy the contents of this file and paste it into the "Account" field.'}, {'type': 'list_item', 'content': 'Click OK and observe if the application crashes and becomes unresponsive.'}, {'type': 'paragraph', 'content': 'No specific network commands or automated detection commands are provided in the available resources.'}] [2, 4]

Mitigation Strategies

The provided resources do not specify any direct mitigation steps or patches for this vulnerability.

Since the vulnerability requires user interaction and local access to trigger, immediate mitigation could include:

  • Avoid pasting or entering excessively large input buffers (such as 20,000 repeated characters) into the Account field of Core FTP LE 2.2.
  • Restrict access to Core FTP LE 2.2 to trusted users only.
  • Monitor for suspicious activity involving large input buffers in the application.

Checking for updates or newer versions of Core FTP LE that may have addressed this issue is recommended, although no update information is provided.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37107. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart