CVE-2020-37122
Buffer Overflow in SpotFTP-FTP Password Recover Causes DoS
Publication date: 2026-02-07
Last updated on: 2026-02-07
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nsauditor | spotftp-ftp_password_recover | 2.4.8 |
| nsauditor | spotftp-ftp_password_recover | to 2.4.8 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2020-37122 is a denial of service vulnerability in SpotFTP-FTP Password Recover version 2.4.8. It occurs due to a stack-based buffer overflow when the application processes a specially crafted registration code.'}, {'type': 'paragraph', 'content': "An attacker can create a text file containing 1000 'Z' characters and input this as the registration code in the application. This causes the application to crash or become unresponsive, effectively denying service to legitimate users."}] [1, 2]
How can this vulnerability impact me? :
This vulnerability can cause the SpotFTP-FTP Password Recover application to crash or become unresponsive when a maliciously crafted registration code is input.
The impact is a denial of service condition, meaning legitimate users will be unable to use the application until it is restarted or fixed.
Since the attack requires local access and user interaction, the risk is limited to scenarios where an attacker can provide input to the application locally.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the denial of service condition locally on the system running SpotFTP-FTP Password Recover version 2.4.8.'}, {'type': 'paragraph', 'content': "To test for the vulnerability, create a text file containing 1000 'Z' characters and input this as the registration code in the application. If the application crashes or becomes unresponsive, the vulnerability is present."}, {'type': 'list_item', 'content': "Create a file with 1000 'Z' characters: `printf 'Z%.0s' {1..1000} > RandomLetter.txt` (on Unix-like systems) or use a text editor on Windows."}, {'type': 'list_item', 'content': 'Open SpotFTP-FTP Password Recover and paste the contents of the file into the "Enter Registration Code" field.'}, {'type': 'paragraph', 'content': 'Note that this is a local test and requires user interaction; there are no network-based detection commands available from the provided information.'}] [1, 2]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': "Immediate mitigation steps include avoiding the input of untrusted or specially crafted registration codes containing large buffers such as 1000 'Z' characters into SpotFTP-FTP Password Recover version 2.4.8."}, {'type': 'paragraph', 'content': 'Since the vulnerability requires local user interaction, restrict access to the application to trusted users only.'}, {'type': 'paragraph', 'content': 'Monitor for application crashes and avoid using the vulnerable version until a patch or update is available.'}, {'type': 'paragraph', 'content': 'Consider contacting the vendor or checking their website for updates or patches that address this denial of service vulnerability.'}] [2, 3]