CNNVD-202508-2536 Information

CNNVD ID

CNNVD-202508-2536

CVE-2010-20122

  • CNNVD Published: 2025-08-21

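Description (translated from Chinese)

NetSarang Computer Xftp FTP Client is an FTP client software product from NetSarang Computer, a company based in the United States. NetSarang Computer Xftp FTP Client 3.0 build 0238 and earlier versions contain a security vulnerability. The vulnerability stems from a failure to validate input length when processing PWD responses, which may lead to a stack buffer overflow and arbitrary code execution.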

Description (English)

NetSarang Computer Xftp FTP Client is an FTP client from NetSarang Computer, a US company. Xftp FTP Client 3.0 build 0238 and earlier do not validate the length of the input when handling PWD responses, which can result in a stack buffer overflow and arbitrary code execution.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

NetSarang Computer

Published

2025-08-21

Last Modified

2026-02-24

References

  • https://www.vulncheck.com/advisories/xftp-ftp-client-pwd-response-buffer-overflow
  • https://www.exploit-db.com/exploits/16739
  • https://www.exploit-db.com/exploits/12332
  • http://www.netsarang.com/download/down_xft3.html
  • https://web.archive.org/web/20090312072219/
  • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/xftp_client_pwd.rb
  • https://nvd.nist.gov/vuln/detail/CVE-2010-20122
