High severityNVD Advisory· Published Aug 21, 2025· Updated Apr 15, 2026

CVE-2010-20007

Description

Seagull FTP Client <= v3.3 Build 409 contains a stack-based buffer overflow vulnerability in its FTP directory listing parser. When the client connects to an FTP server and receives a crafted response to a LIST command containing an excessively long filename, the application fails to properly validate input length, resulting in a buffer overflow that overwrites the Structured Exception Handler (SEH). This may allow remote attackers to execute arbitrary code on the client system. This product line was discontinued and users were advised to use BlueZone Secure FTP instead, at the time of disclosure.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/seagull_list_reply.rbnvd
web.archive.org/web/20111016194057/https://www.corelan.be/index.php/2010/10/12/death-of-an-ftp-client/nvd
web.archive.org/web/20120102094617/http://bluezone.rocketsoftware.com/products/secure-managed-file-transfer/bz-secure-ftp/at-a-glancenvd
www.exploit-db.com/exploits/16705nvd
www.vulncheck.com/advisories/seagull-ftp-stack-buffer-overflownvd
www3.rocketsoftware.com/bluezone/help/v34/sftp/sftp.htmnvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.013
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000