Vulnerability Details CVE-2019-17320
NetSarang XFTP Client 6.0149 and earlier versions contain a buffer overflow vulnerability caused by improper boundary checks when copying a file name from an attacker-controlled FTP server. This allows an attacker to execute arbitrary code by sending a crafted filename.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2019-17320
- cpe:2.3:a:netsarang:xftp:6.0076
- cpe:2.3:a:netsarang:xftp:6.0079
- cpe:2.3:a:netsarang:xftp:6.0080
- cpe:2.3:a:netsarang:xftp:6.0083
- cpe:2.3:a:netsarang:xftp:6.0085
- cpe:2.3:a:netsarang:xftp:6.0088
- cpe:2.3:a:netsarang:xftp:6.0089
- cpe:2.3:a:netsarang:xftp:6.0092
- cpe:2.3:a:netsarang:xftp:6.0095
- cpe:2.3:a:netsarang:xftp:6.0101
- cpe:2.3:a:netsarang:xftp:6.0103
- cpe:2.3:a:netsarang:xftp:6.0105
- cpe:2.3:a:netsarang:xftp:6.0108
- cpe:2.3:a:netsarang:xftp:6.0109
- cpe:2.3:a:netsarang:xftp:6.0111
- cpe:2.3:a:netsarang:xftp:6.0115
- cpe:2.3:a:netsarang:xftp:6.0119
- cpe:2.3:a:netsarang:xftp:6.0140
- cpe:2.3:a:netsarang:xftp:6.0143
- cpe:2.3:a:netsarang:xftp:6.0149