What is CVE-2010-20115?

CVE-2010-20115 is a vulnerability in Arcane Software Vermillion Ftp Daemon, classified under Out-of-bounds Write. Published 2025-08-21.

Is CVE-2010-20115 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Arcane Software Vermillion Ftp Daemon

CVE-2010-20115

Arcane Software’s Vermillion FTP Daemon (vftpd) versions up to and including 1.31 contains a memory corruption vulnerability triggered by a malformed FTP PORT command. The flaw arises from an out-of-bounds array access during input parsing…

Vulnerability class: Buffer Overflow

EPSS: 0.537 (98.0th percentile) — read the EPSS interpretation.

Affected products

Arcane Software Vermillion Ftp Daemon — versions 0

Weakness classification (CWE)

Public proof-of-concept exploits

rapid7/metasploit-framework

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/w… (exploit)
www.exploit-db.com/exploits/11293 (exploit)
www.broadcom.com/support/security-center/attacksignatures/detail (third-party-advisory)
www.juniper.net/us/en/threatlabs/ips-signatures/detail.FTP:EXPLOIT:VERMILLION-P… (third-party-advisory)
web.archive.org/web/20100416140657/http://www.global-evolution.info/news/files/… (technical-description, exploit)
web.archive.org/web/20100213162028/http://www.softsea.com/review/Vermillion-FTP… (product)
www.vulncheck.com/advisories/vermillion-ftp-daemon-port-command-memory-corrupti… (third-party-advisory)

Frequently asked questions

What is CVE-2010-20115?: CVE-2010-20115 is a vulnerability in Arcane Software Vermillion Ftp Daemon, classified under Out-of-bounds Write. Published 2025-08-21.
Is CVE-2010-20115 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.