CNNVD-202508-2543 Information

Aug 21, 2025 cve

CNNVD ID

CNNVD-202508-2543

CVE-2010-20107

CNNVD Published: 2025-08-21

Description (Chinese)

FTP Synchronizer Professional是FTP Synchronizer公司的一个FTP客户端软件。 FTP Synchronizer Professional v4.0.73.274及之前版本存在安全漏洞，该漏洞源于处理LIST命令响应时未验证文件名长度，可能导致栈缓冲区溢出和执行任意代码。

Description (English)

FTP Synchronizer Production is a FTP client of FTP Synchronizer. FTP Synchronizer Technical v4.0.73.274 and previous versions had a security loophole, which stemmed from the failure to verify the length of the document when processing the response to the LIST order, which could result in the spilling out of the fence and the implementation of arbitrary codes.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

FTP Synchronizer

Published

2025-08-21

Last Modified

2026-02-24

References

https://www.vulncheck.com/advisories/ftp-synchronizer-professional-stack-buffer-overflow https://www.ftpsynchronizer.com/ https://www.exploit-db.com/exploits/16720 http://www.ftpsynchronizer.com/ https://web.archive.org/web/20111016235434/ https://www.corelan.be/index.php/2010/10/12/death-of-an-ftp-client/ https://web.archive.org/web/20111016194057/ https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/ftpsynch_list_reply.rb https://nvd.nist.gov/vuln/detail/CVE-2010-20107

Share on: