CVE-2020-37139
Unknown Unknown - Not Provided

Buffer Overflow in Odin Secure FTP 7.6.3 Causes Local DoS

Vulnerability report for CVE-2020-37139, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-05

Last updated on: 2026-02-05

Assigner: VulnCheck

Description

Odin Secure FTP Expert 7.6.3 contains a local denial of service vulnerability that allows attackers to crash the application by manipulating site information fields. Attackers can generate a buffer overflow by pasting 108 bytes of repeated characters into connection fields, causing the application to crash.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-05
Last Modified
2026-02-05
Generated
2026-07-07
AI Q&A
2026-02-05
EPSS Evaluated
2026-07-06
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
odin secure_ftp_expert 7.6.3
odin secure_ftp_expert to 7.6.3 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2020-37139 is a local denial of service (DoS) vulnerability in Odin Secure FTP Expert version 7.6.3 and earlier. It occurs due to improper handling of site information fields, where an attacker can cause a buffer overflow by inputting 108 bytes of repeated characters into connection fields. This buffer overflow causes the application to crash.

The vulnerability requires local access and user interaction to exploit, and it does not require any special privileges.

Impact Analysis

This vulnerability can impact you by causing the Odin Secure FTP Expert application to crash, resulting in a denial of service condition. An attacker with local access can exploit this by inputting specially crafted data into the site information fields, disrupting normal use of the software.

The impact is limited to availability, as the application becomes unusable until restarted or fixed.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability can be detected by attempting to reproduce the crash condition in the Odin Secure FTP Expert application. Specifically, by inputting a string of 108 repeated characters (such as 'A') into the connection fields of the Quickconnect site dialog, the application will crash if vulnerable."}, {'type': 'list_item', 'content': "Run a script or create a text file containing 108 repeated characters (e.g., 108 'A's)."}, {'type': 'list_item', 'content': 'Copy the content of this file to the clipboard.'}, {'type': 'list_item', 'content': 'Open OdinSecureFTPExpert.exe.'}, {'type': 'list_item', 'content': 'Navigate to Trial > Connect > Quickconnect site.'}, {'type': 'list_item', 'content': 'Paste the clipboard content into all input fields.'}, {'type': 'list_item', 'content': 'Attempt to connect and observe if the application crashes, indicating the presence of the vulnerability.'}] [2]

Mitigation Strategies

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37139. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart