
Security Advisory Detail
CVE-2019-17320 | NetSarang XFTP Client Buffer Overflow Vulnerability
2019.10.10
□ Overview

 o NetSarang released a security update to address a buffer overflow vulnerability in XFTP Client.

Vulnerability Type | Impact | Severity | CVE ID
Buffer overflow | Code execution | High | CVE-2019-17320

 

□ Description

 o XFTP Client contains a buffer overflow vulnerability caused by improper boundary checks when copying a file name received from an attacker-controlled FTP server. This allows a remote attacker to execute arbitrary code via a crafted upload file.
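
The boundary check this description refers to, sketched for an FTP client that copies a server-supplied file name into a fixed buffer. This is an added example, not NetSarang's code; the function name copy_remote_name, the 260-byte buffer size and the sample replies are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 260  /* assumed local buffer size, not taken from XFTP */

/* Unsafe pattern (shown for contrast, not compiled):
 *     char name[NAME_MAX_LEN];
 *     strcpy(name, server_line);   // length is chosen by the server
 */

/* Copy one file name from a server-supplied listing line into dst.
 * Returns 0 on success, -1 if the name is empty or does not fit.
 * Oversized names are rejected, never truncated, so that a later
 * operation cannot act on a different name than the server sent. */
int copy_remote_name(char *dst, size_t dst_size, const char *line, size_t line_len)
{
    size_t n = 0;

    if (dst == NULL || line == NULL || dst_size == 0)
        return -1;

    /* The name ends at CR, LF, NUL, or the end of the received data. */
    while (n < line_len && line[n] != '\r' && line[n] != '\n' && line[n] != '\0')
        n++;

    if (n == 0 || n >= dst_size) {   /* leave room for the terminator */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, line, n);
    dst[n] = '\0';
    return 0;
}

int main(void)
{
    char name[NAME_MAX_LEN];
    char big[1024];                       /* constructed oversized reply */
    const char ok[] = "report.txt\r\n";   /* constructed normal reply */

    memset(big, 'A', sizeof big);
    printf("normal:    %d\n", copy_remote_name(name, sizeof name, ok, sizeof ok - 1));
    printf("oversized: %d\n", copy_remote_name(name, sizeof name, big, sizeof big));
    return 0;
}
```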

 

□ Affected Product

Product | Version
XFTP | 6.0149 and prior


□ Solution

 o Update the software to XFTP version 6.0150 or later

 

□ Reference site

https://www.netsarang.com/ko/xftp/

 

□ Acknowledgements

 o Thanks to Kwanghee Han for reporting this vulnerability