High severityNVD Advisory· Published Aug 21, 2025· Updated Apr 15, 2026
CVE-2010-20108
CVE-2010-20108
Description
FTPPad <= 1.2.0 contains a stack-based buffer overflow vulnerability in its FTP directory listing parser. When the client connects to an FTP server and receives a crafted response to a LIST command containing an excessively long directory and filename, the application fails to properly validate input length. This results in a buffer overflow that overwrites the saved Extended Instruction Pointer (EIP), allowing remote attackers to execute arbitrary code.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/ftppad_list_reply.rbnvd
- web.archive.org/web/20111016194057/https://www.corelan.be/index.php/2010/10/12/death-of-an-ftp-client/nvd
- www.chip.de/downloads/FTPPad_12993921.htmlnvd
- www.exploit-db.com/exploits/16726nvd
- www.vulncheck.com/advisories/ftppad-stack-buffer-overflownvd
News mentions
0No linked articles in our index yet.