CVE-2020-37107
Buffer Overflow in Core FTP LE 2.2 Causes Denial of Service
Publication date: 2026-02-07
Last updated on: 2026-02-07
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| core_ftp | core_ftp_le | to 2.2 (inc) |
| core_ftp | core_ftp_le | From 2.2 (inc) |
| core_ftp | core_ftp | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2020-37107 is a denial of service vulnerability in Core FTP LE version 2.2 that occurs due to a buffer overflow condition. An attacker can exploit this by overwriting the account field with a very large input buffer, specifically by pasting a text file containing 20,000 repeated characters into the account field. This causes the application to crash and become unresponsive, requiring reinstallation to restore functionality.
The vulnerability is classified under CWE-120, which involves copying data without properly checking the size of the input, leading to a buffer overflow.
How can this vulnerability impact me? :
This vulnerability can impact users by causing the Core FTP LE application to crash and become unusable when the account field is overwritten with a large buffer. The application will not open again until it is uninstalled and reinstalled, resulting in a denial of service condition.
Since the attack requires local access and user interaction to paste the large input, it can disrupt normal operations and cause downtime for users relying on Core FTP LE for file transfers.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the denial of service condition on Core FTP LE 2.2 by using the exploit method described.'}, {'type': 'list_item', 'content': 'Open Core FTP LE 2.2.'}, {'type': 'list_item', 'content': 'Select "Connect" from the File menu.'}, {'type': 'list_item', 'content': 'Click "Advanced" in the Host/IP/URL field.'}, {'type': 'list_item', 'content': 'Run a Python script to generate a text file (e.g., "Dog.txt") containing 20,000 repeated characters.'}, {'type': 'list_item', 'content': 'Copy the contents of this file and paste it into the "Account" field.'}, {'type': 'list_item', 'content': 'Click OK and observe if the application crashes and becomes unresponsive.'}, {'type': 'paragraph', 'content': 'No specific network commands or automated detection commands are provided in the available resources.'}] [2, 4]
What immediate steps should I take to mitigate this vulnerability?
The provided resources do not specify any direct mitigation steps or patches for this vulnerability.
Since the vulnerability requires user interaction and local access to trigger, immediate mitigation could include:
- Avoid pasting or entering excessively large input buffers (such as 20,000 repeated characters) into the Account field of Core FTP LE 2.2.
- Restrict access to Core FTP LE 2.2 to trusted users only.
- Monitor for suspicious activity involving large input buffers in the application.
Checking for updates or newer versions of Core FTP LE that may have addressed this issue is recommended, although no update information is provided.