ByteOS Network

CVE Vulnerability Details :

CVE-2010-20007

PUBLISHED

More Info Official Page

Assigner-VulnCheck

Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10

Published At-21 Aug, 2025 | 20:13

Updated At-22 Aug, 2025 | 15:15

▼CVE Numbering Authority (CNA)

Seagull FTP v3.3 Build 409 Stack Buffer Overflow

Seagull FTP Client <= v3.3 Build 409 contains a stack-based buffer overflow vulnerability in its FTP directory listing parser. When the client connects to an FTP server and receives a crafted response to a LIST command containing an excessively long filename, the application fails to properly validate input length, resulting in a buffer overflow that overwrites the Structured Exception Handler (SEH). This may allow remote attackers to execute arbitrary code on the client system. This product line was discontinued and users were advised to use BlueZone Secure FTP instead, at the time of disclosure.

Affected Products

Vendor

Rocket Software

Product

Seagull FTP Client

Modules

FTP directory listing parser

Default Status

unaffected

Versions

Affected

From * through 3.3 Build 409 (semver)

Problem Types

Type	CWE ID	Description
CWE	CWE-121	CWE-121 Stack-based Buffer Overflow

Type: CWE

CWE ID: CWE-121

Description: CWE-121 Stack-based Buffer Overflow

Metrics

Version	Base score	Base severity	Vector
4.0	8.5	HIGH	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Version: 4.0

Base score: 8.5

Base severity: HIGH

Vector:

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Impacts

CAPEC ID	Description
CAPEC-100	CAPEC-100 Overflow Buffers

CAPEC ID: CAPEC-100

Description: CAPEC-100 Overflow Buffers

Credits

finder

corelanc0d3r of Corelan Team

References

Hyperlink	Resource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/seagull_list_reply.rb	exploit
https://www.exploit-db.com/exploits/16705	exploit
https://web.archive.org/web/20111016194057/https://www.corelan.be/index.php/2010/10/12/death-of-an-ftp-client/	technical-description exploit
https://web.archive.org/web/20120102094617/http://bluezone.rocketsoftware.com/products/secure-managed-file-transfer/bz-secure-ftp/at-a-glance	product
https://www3.rocketsoftware.com/bluezone/help/v34/sftp/sftp.htm	product
https://www.vulncheck.com/advisories/seagull-ftp-stack-buffer-overflow	third-party-advisory

Hyperlink: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/seagull_list_reply.rb

Resource:

exploit

Hyperlink: https://www.exploit-db.com/exploits/16705

Resource:

exploit

Hyperlink: https://web.archive.org/web/20111016194057/https://www.corelan.be/index.php/2010/10/12/death-of-an-ftp-client/

Resource:

technical-description

exploit

Hyperlink: https://web.archive.org/web/20120102094617/http://bluezone.rocketsoftware.com/products/secure-managed-file-transfer/bz-secure-ftp/at-a-glance

Resource:

product

Hyperlink: https://www3.rocketsoftware.com/bluezone/help/v34/sftp/sftp.htm

Resource:

product

Hyperlink: https://www.vulncheck.com/advisories/seagull-ftp-stack-buffer-overflow

Resource:

third-party-advisory

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

References

Hyperlink	Resource
https://www.exploit-db.com/exploits/16705	exploit
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/seagull_list_reply.rb	exploit

Hyperlink: https://www.exploit-db.com/exploits/16705

Resource:

exploit

Hyperlink: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/seagull_list_reply.rb

Resource:

exploit

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References