mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-13 10:04:45 +02:00
0xMarcio
1.1 KiB
1.1 KiB
CVE-2010-20122
Description
Xftp FTP Client version up to and including 3.0 (build 0238) contain a stack-based buffer overflow vulnerability triggered by a maliciously crafted PWD response from an FTP server. When the client connects to a server and receives an overly long directory string in response to the PWD command, the client fails to properly validate the length of the input before copying it into a fixed-size buffer. This results in memory corruption and allows remote attackers to execute arbitrary code on the client system.
POC
Reference
- https://www.exploit-db.com/exploits/12332
- https://www.exploit-db.com/exploits/16739
- https://www.vulncheck.com/advisories/xftp-ftp-client-pwd-response-buffer-overflow
Github
No PoCs found on GitHub currently.