CVE-2010-20113

CRITICAL

CVSS v3

9.8

CRITICAL

EPSS Score

62.7%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

EasyFTP Server 1.7.0.11 and earlier contains a stack-based buffer overflow vulnerability in its HTTP interface. When processing a GET request to list.html, the server fails to properly validate the length of the path parameter. Supplying an excessively long value causes a buffer overflow on the stack, potentially corrupting control flow structures. The vulnerability is exposed through the embedded web server and does not require authentication due to default anonymous access. The issue was resolved in version 1.7.0.12, after which the product was renamed to UplusFtp.

Technical Details

Published
8/21/2025

Frequently Asked Questions

What is CVE-2010-20113?

EasyFTP Server 1.7.0.11 and earlier contains a stack-based buffer overflow vulnerability in its HTTP interface. When processing a GET request to list.html, the server fails to properly validate the length of the path parameter. Supplying an excessively long value causes a buffer overflow on the stack, potentially corrupting control flow structures. The vulnerability is exposed through the embedded web server and does not require authentication due to default anonymous access. The issue was resolved in version 1.7.0.12, after which the product was renamed to UplusFtp.

Is CVE-2010-20113 actively exploited?

Active exploitation of CVE-2010-20113 has not been confirmed. The EPSS score is 62.7%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2010-20113?

CVE-2010-20113 has a CVSS v3 base score of 9.8 (CRITICAL severity).

Is CVE-2010-20113 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.