cbcvebase.
CVE-2010-20007
published 2025-08-21

CVE-2010-20007: Seagull FTP Client <= v3.3 Build 409 contains a stack-based buffer overflow vulnerability in its FTP directory listing parser. When the client connects to an…

PriorityP353high8.5CVSS 4.0
AVLACLATNPRNUIPVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
0.48%
37.5th percentile
Seagull FTP Client <= v3.3 Build 409 contains a stack-based buffer overflow vulnerability in its FTP directory listing parser. When the client connects to an FTP server and receives a crafted response to a LIST command containing an excessively long filename, the application fails to properly validate input length, resulting in a buffer overflow that overwrites the Structured Exception Handler (SEH). This may allow remote attackers to execute arbitrary code on the client system. This product line was discontinued and users were advised to use BlueZone Secure FTP instead, at the time of disclosure.

Affected

1 ranges
VendorProductVersion rangeFixed in
rocket_softwareseagull_ftp_client<= 3.3 Build 409

Detection & IOCsextracted from sources · hover to see the quote

versionSeagull FTP v3.3 Build 409
  • Detect exploitation attempts by monitoring FTP LIST command responses containing excessively long filenames/folder names directed at Seagull FTP client sessions.
  • Monitor for SEH (Structured Exception Handler) overwrites in the Seagull FTP client process triggered after receiving a crafted FTP LIST response.
  • Flag FTP LIST responses where a single filename or folder name entry is abnormally long, as this is the trigger condition for the stack-based buffer overflow in Seagull FTP <= v3.3 Build 409.
  • ·The vulnerability is client-side and requires the Seagull FTP client to connect to a malicious or compromised FTP server; exploitation is triggered by the server's LIST response, not by the client's outbound traffic.
  • ·This product line was discontinued; affected deployments should be identified and migrated, as no patch is available for Seagull FTP.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.