CVE-2020-8416

HIGH

BearFTP < 0.2.0 - Denial of Service via PASV Mode Connection Flood

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-8416. PoCs published by kolya5544.

AI-analyzed exploit summary: This exploit demonstrates a Denial of Service (DoS) attack against BearFTP versions 0.0.1 to 0.1.0 by flooding the server with PASV connections, causing resource exhaustion. The PoC spawns multiple threads to establish persistent connections, overwhelming the server's capacity.

Description

IKTeam BearFTP before 0.2.0 allows remote attackers to achieve denial of service via a large volume of connections to the PASV mode port.

Exploits (1)

exploitdb WORKING POC
by kolya5544 · dos · linux
https://www.exploit-db.com/exploits/47987

Classification
Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: BearFTP v0.0.1 - v0.1.0
No auth needed
Prerequisites: Network access to the target BearFTP server · Knowledge of the target's hostname and PASV port
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Release Notes, Third Party Advisory x_refsource_confirm
https://github.com/kolya5544/BearFTP/releases/tag/0.2.0
Exploit, Third Party Advisory x_refsource_misc
https://pastebin.com/wqNWnCuN

Scores

CVSS v3 7.5
EPSS 0.1421
EPSS Percentile 96.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE CWE-770
Status published
Products (1)
iktm/bearftp < 0.2.0
Published Jan 29, 2020
Tracked Since Feb 18, 2026