CVE-2020-37209
Buffer Overflow in SpotFTP 3.0.0.0 Causes Application Crash
Publication date: 2026-02-11
Last updated on: 2026-02-20
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nsasoft | spotftp | 3.0.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to reproduce the denial of service condition on the SpotFTP application. Specifically, an attacker or tester can create a payload of 1000 characters and input it into the 'Name' field during the registration process to see if the application crashes.

A practical method involves creating a file with 1000 'A' characters and then copying and pasting this payload into the 'Name' field of SpotFTP's registration dialog.

For example, using a Python command to generate the payload file:

```shell
python -c "print('A'*1000)" > poc.txt
```

Then, open SpotFTP, start the registration process, and paste the contents of 'poc.txt' into the 'Name' field. If the application crashes, the vulnerability is present. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of the vulnerable SpotFTP version 3.0.0.0 or earlier until a patch or update is available.

Restrict local access to the application to trusted users only, since the attack requires local interaction and user input.

Educate users not to input unusually long strings (such as 1000 characters) into the registration 'Name' field.

Monitor for application crashes related to the registration process as an indicator of attempted exploitation. [2]
Can you explain this vulnerability to me?
CVE-2020-37209 is a denial of service (DoS) vulnerability in SpotFTP FTP Password Recovery version 3.0.0.0. It occurs due to a buffer overflow in the registration "Name" input field. An attacker can input a specially crafted payload of 1000 characters into this field, which causes the application to crash. [2]
How can this vulnerability impact me?
This vulnerability can cause SpotFTP to crash when a maliciously crafted input is entered into the registration "Name" field, resulting in a denial of service condition. This means legitimate users may be unable to use the application while it is crashed or unstable. [2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know