{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2010-10014", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2025-08-19T17:04:02.876Z", "datePublished": "2025-08-20T15:38:23.796Z", "dateUpdated": "2025-08-22T16:12:25.765Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "Odin Secure FTP", "vendor": "Odin Software", "versions": [{"lessThanOrEqual": "4.1", "status": "affected", "version": "*", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "rick2600"}, {"lang": "en", "type": "finder", "value": "corelanc0d3r of Corelan Team"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Odin Secure FTP &lt;= 4.1 is vulnerable to a stack-based buffer overflow when parsing directory listings received in response to an FTP LIST command. A malicious FTP server can send an overly long filename in the directory listing, which overflows a fixed-size stack buffer in the client and overwrites the Structured Exception Handler (SEH). This allows remote attackers to execute arbitrary code on the client system."}], "value": "Odin Secure FTP <= 4.1 is vulnerable to a stack-based buffer overflow when parsing directory listings received in response to an FTP LIST command. A malicious FTP server can send an overly long filename in the directory listing, which overflows a fixed-size stack buffer in the client and overwrites the Structured Exception Handler (SEH). This allows remote attackers to execute arbitrary code on the client system."}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121 Stack-Based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-08-20T15:38:23.796Z"}, "references": [{"tags": ["product"], "url": "https://web.archive.org/web/20111007123101/http://odinshare.com/secure-ftp-expert.html"}, {"tags": ["exploit"], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/odin_list_reply.rb"}, {"tags": ["exploit"], "url": "https://www.exploit-db.com/exploits/16716"}, {"tags": ["technical-description", "exploit"], "url": "https://web.archive.org/web/20111016194057/https://www.corelan.be/index.php/2010/10/12/death-of-an-ftp-client/"}, {"tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/odin-secure-ftp-stack-buffer-overflow-via-list-response"}], "source": {"discovery": "UNKNOWN"}, "tags": ["unsupported-when-assigned"], "title": "Odin Secure FTP <= 4.1 Stack Buffer Overflow via LIST Response", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"references": [{"url": "https://www.exploit-db.com/exploits/16716", "tags": ["exploit"]}, {"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/odin_list_reply.rb", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-22T16:12:20.490074Z", "id": "CVE-2010-10014", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-22T16:12:25.765Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2010-10014", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-22T16:12:20.490074Z"}}}], "references": [{"url": "https://www.exploit-db.com/exploits/16716", "tags": ["exploit"]}, {"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/odin_list_reply.rb", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-22T16:12:08.786Z"}}], "cna": {"tags": ["unsupported-when-assigned"], "title": "Odin Secure FTP <= 4.1 Stack Buffer Overflow via LIST Response", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "rick2600"}, {"lang": "en", "type": "finder", "value": "corelanc0d3r of Corelan Team"}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Odin Software", "product": "Odin Secure FTP", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "4.1"}], "defaultStatus": "unknown"}], "references": [{"url": "https://web.archive.org/web/20111007123101/http://odinshare.com/secure-ftp-expert.html", "tags": ["product"]}, {"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/odin_list_reply.rb", "tags": ["exploit"]}, {"url": "https://www.exploit-db.com/exploits/16716", "tags": ["exploit"]}, {"url": "https://web.archive.org/web/20111016194057/https://www.corelan.be/index.php/2010/10/12/death-of-an-ftp-client/", "tags": ["technical-description", "exploit"]}, {"url": "https://www.vulncheck.com/advisories/odin-secure-ftp-stack-buffer-overflow-via-list-response", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Odin Secure FTP <= 4.1 is vulnerable to a stack-based buffer overflow when parsing directory listings received in response to an FTP LIST command. A malicious FTP server can send an overly long filename in the directory listing, which overflows a fixed-size stack buffer in the client and overwrites the Structured Exception Handler (SEH). This allows remote attackers to execute arbitrary code on the client system.", "supportingMedia": [{"type": "text/html", "value": "Odin Secure FTP &lt;= 4.1 is vulnerable to a stack-based buffer overflow when parsing directory listings received in response to an FTP LIST command. A malicious FTP server can send an overly long filename in the directory listing, which overflows a fixed-size stack buffer in the client and overwrites the Structured Exception Handler (SEH). This allows remote attackers to execute arbitrary code on the client system.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121 Stack-Based Buffer Overflow"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-08-20T15:38:23.796Z"}}}, "cveMetadata": {"cveId": "CVE-2010-10014", "state": "PUBLISHED", "dateUpdated": "2025-08-22T16:12:25.765Z", "dateReserved": "2025-08-19T17:04:02.876Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2025-08-20T15:38:23.796Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.1"}

{"cveTags": [{"sourceIdentifier": "disclosure@vulncheck.com", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "Odin Secure FTP <= 4.1 is vulnerable to a stack-based buffer overflow when parsing directory listings received in response to an FTP LIST command. A malicious FTP server can send an overly long filename in the directory listing, which overflows a fixed-size stack buffer in the client and overwrites the Structured Exception Handler (SEH). This allows remote attackers to execute arbitrary code on the client system."}, {"lang": "es", "value": "Odin Secure FTP (versi\u00f3n &lt;= 4.1) es vulnerable a un desbordamiento de b\u00fafer basado en la pila al analizar las listas de directorios recibidas en respuesta a un comando FTP LIST. Un servidor FTP malicioso puede enviar un nombre de archivo demasiado largo en la lista de directorios, lo que desborda un b\u00fafer de pila de tama\u00f1o fijo en el cliente y sobrescribe el Gestor de Excepciones Estructurado (SEH). Esto permite a atacantes remotos ejecutar c\u00f3digo arbitrario en el sistema cliente."}], "id": "CVE-2010-10014", "lastModified": "2025-08-22T18:09:17.710", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2025-08-20T16:15:33.227", "references": [{"source": "disclosure@vulncheck.com", "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/odin_list_reply.rb"}, {"source": "disclosure@vulncheck.com", "url": "https://web.archive.org/web/20111007123101/http://odinshare.com/secure-ftp-expert.html"}, {"source": "disclosure@vulncheck.com", "url": "https://web.archive.org/web/20111016194057/https://www.corelan.be/index.php/2010/10/12/death-of-an-ftp-client/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/16716"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/odin-secure-ftp-stack-buffer-overflow-via-list-response"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/odin_list_reply.rb"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://www.exploit-db.com/exploits/16716"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{}