CVE-2020-37067 PUBLISHED

Filetto 1.0 - 'FEAT' Denial of Service

Assigner: VulnCheck
Reserved: 01.02.2026 Published: 03.02.2026 Updated: 04.02.2026

Filetto 1.0 FTP server contains a denial of service vulnerability in the FEAT command processing that allows attackers to crash the service. Attackers can send an oversized FEAT command with 11,008 bytes of repeated characters to trigger a buffer overflow and terminate the FTP service.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVSS Score: 7.1

Product Status

Vendor Utillyty
Product Filetto
Versions
  • Version 1.0 is affected

Credits

  • Alvaro J. Gene (Socket_0x03) finder

References

Problem Types

  • Allocation of Resources Without Limits or Throttling CWE