CVE-2010-20045 (GCVE-0-2010-20045)
Vulnerability from cvelistv5
Published
2025-08-20 15:32
Modified
2025-08-20 19:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-Based Buffer Overflow
Summary
FileWrangler <= 5.30 suffers from a stack-based buffer overflow vulnerability when parsing directory listings from an FTP server. A malicious server can send an overlong folder name in response to a LIST command, triggering memory corruption during client-side rendering. Exploitation requires passive user interaction—simply connecting to the server—without further input. Successful exploitation may lead to arbitrary code execution.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CursorArts | FileWrangler |
Version: * ≤ 5.30 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2010-20045",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T19:16:42.571473Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T19:17:42.151Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"FTP client directory listing parser"
],
"product": "FileWrangler",
"vendor": "CursorArts",
"versions": [
{
"lessThanOrEqual": "5.30",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "nullthreat"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "FileWrangler \u0026lt;= 5.30 suffers from a stack-based buffer overflow vulnerability when parsing directory listings from an FTP server. A malicious server can send an overlong folder name in response to a LIST command, triggering memory corruption during client-side rendering. Exploitation requires passive user interaction\u2014simply connecting to the server\u2014without further input. Successful exploitation may lead to arbitrary code execution."
}
],
"value": "FileWrangler \u003c= 5.30 suffers from a stack-based buffer overflow vulnerability when parsing directory listings from an FTP server. A malicious server can send an overlong folder name in response to a LIST command, triggering memory corruption during client-side rendering. Exploitation requires passive user interaction\u2014simply connecting to the server\u2014without further input. Successful exploitation may lead to arbitrary code execution."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-Based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T15:32:19.973Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://web.archive.org/web/20111016194057/https://www.corelan.be/index.php/2010/10/12/death-of-an-ftp-client/"
},
{
"tags": [
"product"
],
"url": "https://cursorarts.com/ca_fw.html"
},
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/filewrangler_list_reply.rb"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/16721"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/filewrangler-stack-buffer-overflow"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "FileWrangler \u003c= 5.30 Stack Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2010-20045",
"datePublished": "2025-08-20T15:32:19.973Z",
"dateReserved": "2025-08-19T16:00:37.432Z",
"dateUpdated": "2025-08-20T19:17:42.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2010-20045\",\"sourceIdentifier\":\"disclosure@vulncheck.com\",\"published\":\"2025-08-20T16:15:33.597\",\"lastModified\":\"2025-08-22T18:09:17.710\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"FileWrangler \u003c= 5.30 suffers from a stack-based buffer overflow vulnerability when parsing directory listings from an FTP server. A malicious server can send an overlong folder name in response to a LIST command, triggering memory corruption during client-side rendering. Exploitation requires passive user interaction\u2014simply connecting to the server\u2014without further input. Successful exploitation may lead to arbitrary code execution.\"},{\"lang\":\"es\",\"value\":\"FileWrangler \u0026lt;= 5.30 sufre una vulnerabilidad de desbordamiento de b\u00fafer en la pila al analizar listados de directorios desde un servidor FTP. Un servidor malicioso puede enviar un nombre de carpeta demasiado largo en respuesta a un comando LIST, lo que provoca corrupci\u00f3n de memoria durante la renderizaci\u00f3n del lado del cliente. Su explotaci\u00f3n requiere la interacci\u00f3n pasiva del usuario (simplemente conect\u00e1ndose al servidor) sin necesidad de intervenci\u00f3n adicional. Una explotaci\u00f3n exitosa puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-121\"}]}],\"references\":[{\"url\":\"https://cursorarts.com/ca_fw.html\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/filewrangler_list_reply.rb\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://web.archive.org/web/20111016194057/https://www.corelan.be/index.php/2010/10/12/death-of-an-ftp-client/\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.exploit-db.com/exploits/16721\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.vulncheck.com/advisories/filewrangler-stack-buffer-overflow\",\"source\":\"disclosure@vulncheck.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2010-20045\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-20T19:16:42.571473Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-20T19:16:50.324Z\"}}], \"cna\": {\"title\": \"FileWrangler \u003c= 5.30 Stack Buffer Overflow\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"nullthreat\"}], \"impacts\": [{\"capecId\": \"CAPEC-100\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-100 Overflow Buffers\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.5, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"CursorArts\", \"modules\": [\"FTP client directory listing parser\"], \"product\": \"FileWrangler\", \"versions\": [{\"status\": \"affected\", \"version\": \"*\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.30\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://web.archive.org/web/20111016194057/https://www.corelan.be/index.php/2010/10/12/death-of-an-ftp-client/\", \"tags\": [\"technical-description\", \"exploit\"]}, {\"url\": \"https://cursorarts.com/ca_fw.html\", \"tags\": [\"product\"]}, {\"url\": \"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/filewrangler_list_reply.rb\", \"tags\": [\"exploit\"]}, {\"url\": \"https://www.exploit-db.com/exploits/16721\", \"tags\": [\"exploit\"]}, {\"url\": \"https://www.vulncheck.com/advisories/filewrangler-stack-buffer-overflow\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"FileWrangler \u003c= 5.30 suffers from a stack-based buffer overflow vulnerability when parsing directory listings from an FTP server. A malicious server can send an overlong folder name in response to a LIST command, triggering memory corruption during client-side rendering. Exploitation requires passive user interaction\\u2014simply connecting to the server\\u2014without further input. Successful exploitation may lead to arbitrary code execution.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"FileWrangler \u0026lt;= 5.30 suffers from a stack-based buffer overflow vulnerability when parsing directory listings from an FTP server. A malicious server can send an overlong folder name in response to a LIST command, triggering memory corruption during client-side rendering. Exploitation requires passive user interaction\\u2014simply connecting to the server\\u2014without further input. Successful exploitation may lead to arbitrary code execution.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-121\", \"description\": \"CWE-121 Stack-Based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"shortName\": \"VulnCheck\", \"dateUpdated\": \"2025-08-20T15:32:19.973Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2010-20045\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-20T19:17:42.151Z\", \"dateReserved\": \"2025-08-19T16:00:37.432Z\", \"assignerOrgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"datePublished\": \"2025-08-20T15:32:19.973Z\", \"assignerShortName\": \"VulnCheck\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…