Critical severityNVD Advisory· Published Aug 21, 2025· Updated Apr 15, 2026

CVE-2010-20122

Description

Xftp FTP Client version up to and including 3.0 (build 0238) contain a stack-based buffer overflow vulnerability triggered by a maliciously crafted PWD response from an FTP server. When the client connects to a server and receives an overly long directory string in response to the PWD command, the client fails to properly validate the length of the input before copying it into a fixed-size buffer. This results in memory corruption and allows remote attackers to execute arbitrary code on the client system.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/xftp_client_pwd.rbnvd
web.archive.org/web/20090312072219/http://www.netsarang.com/download/down_xft3.htmlnvd
www.exploit-db.com/exploits/12332nvd
www.exploit-db.com/exploits/16739nvd
www.vulncheck.com/advisories/xftp-ftp-client-pwd-response-buffer-overflownvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.047
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000