Description

Filetto 1.0 FTP server contains a denial of service vulnerability in the FEAT command processing that allows attackers to crash the service. Attackers can send an oversized FEAT command with 11,008 bytes of repeated characters to trigger a buffer overflow and terminate the FTP service.

PUBLISHED Reserved 2026-02-01 | Published 2026-02-03 | Updated 2026-02-04 | Assigner VulnCheck




HIGH: 7.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)
CRITICAL: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Problem types

Allocation of Resources Without Limits or Throttling

Product status

1.0
affected

Credits

Alvaro J. Gene (Socket_0x03) finder

References

www.exploit-db.com/exploits/48503 (ExploitDB-48503) exploit

www.utillyty.eu (Vendor Homepage) product

sourceforge.net/projects/filetto (Software Project Repository) product

www.vulncheck.com/advisories/filetto-feat-denial-of-service (VulnCheck Advisory: Filetto 1.0 - 'FEAT' Denial of Service) third-party-advisory

cve.org (CVE-2020-37067)

nvd.nist.gov (CVE-2020-37067)
