CVE-2020-37067 | Filetto 1.0 FTP server contains a denial of service vulnerab… | CVSS 9.8 CRITICAL

Description

Filetto 1.0 FTP server contains a denial of service vulnerability in the FEAT command processing that allows attackers to crash the service. Attackers can send an oversized FEAT command with 11,008 bytes of repeated characters to trigger a buffer overflow and terminate the FTP service.

Metadata

CVE ID: CVE-2020-37067
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-02-01 13:16 UTC
Published: 2026-02-03 22:01 UTC
Last updated: 2026-02-04 20:55 UTC
Primary CWE: CWE-770
Allocation of Resources Without Limits or Throttling
Vendor / Product: Utillyty / Filetto
Sources: cve.org · NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: PoC
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
Utillyty	Filetto	—	1.0

Weakness (CWE)

CWE	Source	Description
CWE-770	cna	Allocation of Resources Without Limits or Throttling

CVSS scores (2)

Score	Severity	Version	Source	Vector
9.8	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.1	HIGH	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

References (4)

ExploitDB-48503 https://www.exploit-db.com/exploits/48503
Vendor Homepage http://www.utillyty.eu
Software Project Repository https://sourceforge.net/projects/filetto
VulnCheck Advisory: Filetto 1.0 - 'FEAT' Denial of Service https://www.vulncheck.com/advisories/filetto-feat-denial-of-service