CVE-2010-20113
CRITICALCVSS v3
9.8
CRITICAL
EPSS Score
62.7%
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
EasyFTP Server 1.7.0.11 and earlier contains a stack-based buffer overflow vulnerability in its HTTP interface. When processing a GET request to list.html, the server fails to properly validate the length of the path parameter. Supplying an excessively long value causes a buffer overflow on the stack, potentially corrupting control flow structures. The vulnerability is exposed through the embedded web server and does not require authentication due to default anonymous access. The issue was resolved in version 1.7.0.12, after which the product was renamed to UplusFtp.
Technical Details
- Published
- 8/21/2025
Frequently Asked Questions
What is CVE-2010-20113?
EasyFTP Server 1.7.0.11 and earlier contains a stack-based buffer overflow vulnerability in its HTTP interface. When processing a GET request to list.html, the server fails to properly validate the length of the path parameter. Supplying an excessively long value causes a buffer overflow on the stack, potentially corrupting control flow structures. The vulnerability is exposed through the embedded web server and does not require authentication due to default anonymous access. The issue was resolved in version 1.7.0.12, after which the product was renamed to UplusFtp.
Is CVE-2010-20113 actively exploited?
Active exploitation of CVE-2010-20113 has not been confirmed. The EPSS score is 62.7%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2010-20113?
CVE-2010-20113 has a CVSS v3 base score of 9.8 (CRITICAL severity).
Is CVE-2010-20113 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.