CVE-2020-37107

HIGH

Core FTP LE 2.2 - DoS

Title source: llm

Description

Core FTP LE 2.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the account field with a large buffer. Attackers can create a text file with 20,000 repeated characters and paste it into the account field to cause the application to become unresponsive and require reinstallation.

Exploits (1)

exploitdb WORKING POC

by Ismael Nava · pythondoswindows

https://www.exploit-db.com/exploits/48137

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/48137

[Various Sources] http://www.coreftp.com/

[Various Sources] http://www.coreftp.com/download.html

[Third Party Advisory] https://www.vulncheck.com/advisories/core-ftp-le-denial-of-service

Scores

CVSS v3 7.5

EPSS 0.0001

EPSS Percentile 2.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-120

Status published

Products (1)

Core FTP/Core FTP LE 2.2 build 1947

Published Feb 07, 2026

Tracked Since Feb 18, 2026