CVE-2019-17320

NetSarang XFTP Client 6.0149 and earlier versions contain a buffer overflow vulnerability caused by improper boundary checks when copying a file name from an attacker-controlled FTP server. This allows an attacker to execute arbitrary code by sending a crafted filename.

Published: 2019-10-10 15:15
Updated: 2019-10-16 13:28

CVSS Score: 7.5 / 10
Vendor: Netsarang
Product: Xftp
Version: 6.0149
URI: cpe:/a:netsarang:xftp:6.0149

CWE

ID: CWE-120
Name: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Description: The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

History of changes

Date Event
2019-10-16 13:28
2019-10-10 15:19

New CVE