What is CVE-2010-20049?

CVE-2010-20049 is a vulnerability in Leapware Leapftp, classified under Stack-based Buffer Overflow. Published 2025-08-20.

Is CVE-2010-20049 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Leapware Leapftp

CVE-2010-20049

LeapFTP < 3.1.x contains a stack-based buffer overflow vulnerability in its FTP client parser. When the client receives a directory listing containing a filename longer than 528 bytes, the application fails to properly bound-check the inpu…

Vulnerability class: Buffer Overflow

EPSS: 0.542 (98.1th percentile) — read the EPSS interpretation.

Affected products

Leapware Leapftp — versions 0

Weakness classification (CWE)

CWE-121 — Stack-based Buffer Overflow

Public proof-of-concept exploits

rapid7/metasploit-framework

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/w… (exploit)
www.exploit-db.com/exploits/16704 (exploit)
web.archive.org/web/20111016194057/https://www.corelan.be/index.php/2010/10/12/… (technical-description, exploit)
web.archive.org/web/20111013232627/http://www.leapware.com/ (vendor-advisory, patch)
www.vulncheck.com/advisories/leapftp-stack-buffer-overflow (third-party-advisory)

Frequently asked questions

What is CVE-2010-20049?: CVE-2010-20049 is a vulnerability in Leapware Leapftp, classified under Stack-based Buffer Overflow. Published 2025-08-20.
Is CVE-2010-20049 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.