PT-2025-34311 · Sftpclient · Xftp Client
Published 2025-08-21 · Updated 2025-08-22 · CVE-2010-20122
CVSS v4.0: 9.3 (Critical)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions:
Xftp FTP Client versions through 3.0 (build 0238)
Description:
Xftp FTP Client versions up to and including 3.0 (build 0238) contain a stack-based buffer overflow. The bug is triggered by a maliciously crafted reply to the client's PWD command: when the server returns an overly long directory string, the client copies it into a fixed-size stack buffer without checking its length, corrupting adjacent stack memory and potentially allowing remote code execution on the client system. Exploitation requires the client to connect to a server the attacker controls, or to one whose replies the attacker can alter in transit (the FTP control channel is plaintext unless FTPS is used).
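As an added illustration (this is example code, not Xftp's source), the following C program shows the shape of the defect the description outlines: a parser for the `257 "<dir>"` PWD reply that copies the quoted pathname into a fixed 256-byte stack buffer with no bound, beside a bounds-checked version that rejects any pathname that does not fit, and a helper that builds the kind of oversized reply a hostile server would send. The buffer size `DIR_BUF` and all function names are assumptions for the example.

```c
/* Added example: FTP PWD reply parsing, vulnerable shape vs. bounds-checked.
 * Illustrative code only; not Xftp's implementation. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DIR_BUF 256            /* assumed size of the client's directory buffer */

/* Locate the opening quote of the pathname in a "257 ..." reply, or NULL. */
static const char *pwd_path_start(const char *reply) {
    if (strncmp(reply, "257 ", 4) != 0) return NULL;
    const char *q = strchr(reply + 4, '"');
    return q ? q + 1 : NULL;
}

/* VULNERABLE: copies until the closing quote with no bound on n.
 * If the pathname is longer than the caller's buffer (DIR_BUF bytes on the
 * stack), the copy runs past it into saved registers and the return address.
 * Returns the number of bytes written, or 0 on malformed input. */
size_t pwd_copy_unchecked(const char *reply, char *dir) {
    const char *p = pwd_path_start(reply);
    if (!p) return 0;
    size_t n = 0;
    while (*p && *p != '"') dir[n++] = *p++;   /* no check against DIR_BUF */
    dir[n] = '\0';
    return n;
}

/* HARDENED: same grammar (RFC 959: a doubled "" inside the path is a literal
 * quote), but every byte is checked against outsz, leaving room for the
 * terminator. Returns 1 on success, 0 if the reply is malformed or too long. */
int pwd_copy_checked(const char *reply, char *out, size_t outsz) {
    const char *p = pwd_path_start(reply);
    if (!p || outsz == 0) return 0;
    size_t n = 0;
    for (;;) {
        if (*p == '\0') return 0;            /* unterminated quote */
        if (*p == '"') {
            if (p[1] != '"') break;          /* closing quote */
            p++;                             /* "" -> one literal quote */
        }
        if (n + 1 >= outsz) return 0;        /* would overflow: reject reply */
        out[n++] = *p++;
    }
    out[n] = '\0';
    return 1;
}

/* Build the reply a hostile server would send: a 257 line whose pathname is
 * `len` filler bytes. Constructed test input; caller frees the result. */
char *make_hostile_pwd_reply(size_t len) {
    char *r = malloc(len + 32);
    if (!r) return NULL;
    memcpy(r, "257 \"", 5);
    memset(r + 5, 'A', len);
    strcpy(r + 5 + len, "\" is current directory.\r\n");
    return r;
}

int main(void) {
    char dir[DIR_BUF];
    const char *benign = "257 \"/home/user\" is current directory.\r\n";
    size_t n = pwd_copy_unchecked(benign, dir);
    printf("benign reply, unchecked copy: %zu bytes -> %s\n", n, dir);

    char *hostile = make_hostile_pwd_reply(4096);   /* 16x the buffer */
    if (!hostile) return 1;
    printf("hostile reply, checked copy accepted: %d\n",
           pwd_copy_checked(hostile, dir, sizeof dir));
    /* pwd_copy_unchecked(hostile, dir) would write 4096 bytes into the
     * 256-byte stack buffer; deliberately not called here. */
    free(hostile);
    return 0;
}
```

The checked parser makes the reject decision per byte rather than by measuring the reply first, so a reply that is well-formed up to the buffer limit and then keeps going is refused at exactly the point where the unchecked loop would begin writing out of bounds.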
Recommendations:
All versions through 3.0 (build 0238) are affected, so upgrade to a version later than 3.0 (build 0238). Until then, connect only to trusted FTP servers, preferably over FTPS so that server replies cannot be tampered with in transit.
Fix
Weakness Enumeration
Stack Overflow
Affected Products
Xftp Client