Cyber Resilience

CVE-2020-37139

Severity: Medium · Public PoC referenced

Published: 05 February 2026
Modified: 15 April 2026
KEV added: not listed
Patch: none referenced
CVSS v4 base score: 4.6 (Medium), CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N (threat, environmental and supplemental metrics not defined)
EPSS score: 0.0018 (8.1st percentile)
Risk priority: 35 (floored blend · peak EPSS)

Summary

CVE-2020-37139 is a medium-severity vulnerability in Odin Secure FTP Expert 7.6.3 (the product is inferred from the references and description; NVD has not filed a CPE). It is catalogued under CWE-770 (Allocation of Resources Without Limits or Throttling), although the behaviour described is a buffer overflow in an input field, which is normally treated as a memory-safety weakness rather than a resource-allocation one. Its CVSS v4 base score is 4.6 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). EPSS ranks it at the 8.1st percentile by exploit likelihood (well below the median); it is not currently listed in the CISA KEV catalog; a public proof of concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2020-37139 is a local denial-of-service vulnerability in Odin Secure FTP Expert version 7.6.3. The flaw is a buffer overflow in the site information fields: pasting 108 bytes of a repeated character into a connection field crashes the application. It is catalogued as CWE-770. The CVSS v4 assessment above is 4.6 (AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L), scoring availability only. A CVSS v3.1 score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) is also recorded, but the confidentiality and integrity impacts in that vector are not supported by the described behaviour, which is a crash; the v4 vector is the one consistent with the description, and nothing on this page establishes that the overflow is controllable beyond the crash.

The attack is local: whoever can type or paste into the client's site-information fields can trigger it, with no special privileges and a trivial payload. In practice that means a user (or a script driving the GUI) crashing their own FTP client, which is why the v4 vector records user interaction (UI:A) even though the v3.1 vector scores UI:N. The result is a crash, that is, loss of availability of the client and of whatever it was doing at the time.

References include an Exploit-DB entry with a proof of concept (https://www.exploit-db.com/exploits/48262), a VulnCheck advisory on the site-info denial of service (https://www.vulncheck.com/advisories/odin-secure-ftp-expert-site-info-denial-of-service), and a download link for the affected version (http://tr.oldversion.com/windows/odin-secure-ftp-expert-7-6-3). No patch or vendor mitigation is mentioned in the available details, so treat the issue as unfixed for version 7.6.3.


Vulnerability details

Odin Secure FTP Expert 7.6.3 contains a local denial of service vulnerability that allows attackers to crash the application by manipulating site information fields. Attackers can generate a buffer overflow by pasting 108 bytes of repeated characters into connection fields, causing the application to crash.

CWE(s)

CWE-770 Allocation of Resources Without Limits or Throttling

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

An oversized input to the local FTP client's site-information fields crashes the application. That is a denial of service achieved by exploiting a software flaw, which is what sub-technique T1499.004 describes.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2021-47877 (shared CWE-770)
CVE-2021-47784 (shared CWE-770)
CVE-2021-47793 (shared CWE-770)
CVE-2021-47895 (shared CWE-770)
CVE-2026-23490 (shared CWE-770)
CVE-2026-31866 (shared CWE-770)
CVE-2026-33260 (shared CWE-770)
CVE-2026-33012 (shared CWE-770)
CVE-2026-5438 (shared CWE-770)
CVE-2024-57662 (shared CWE-770)

Affected Assets

Odin Secure FTP Expert 7.6.3
Inferred from the references and description; NVD did not file a CPE for this CVE. The "Oldversion" entry in the original listing is the download mirror (oldversion.com) from the references, not the vendor.

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

SI-2 Flaw Remediation (prevent)

Directly remediates the buffer overflow in Odin Secure FTP Expert's site information fields by identifying, reporting, and patching the vulnerability in a timely manner. Note that no patch is referenced on this page, so for 7.6.3 this control currently has nothing to apply.

SI-10 Information Input Validation (prevent)

Validates inputs to connection and site information fields so that oversized values, such as the 108 bytes of a repeated character that trigger the overflow, are rejected before they reach the fixed-size buffer.

Error handling (prevent)

Ensures the application handles an over-length or otherwise invalid field value as an ordinary validation error rather than crashing, limiting the denial-of-service impact of malformed input.
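The vulnerable pattern described under Deeper analysis, beside the hardened form that the SI-10 and error-handling controls above call for, as an added example written for this page. This is not Odin Secure FTP Expert's code and the advisory does not publish the field's buffer size: SITE_FIELD_MAX (64 bytes), the struct layout and the function names are assumptions chosen for illustration, and the 108-byte payload is constructed here to match the advisory's description.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical field width. The real application's buffer size is not
 * published; the advisory only states that 108 bytes of a repeated
 * character crash it. 64 is an assumption for illustration. */
#define SITE_FIELD_MAX 64

/* Length of the payload the advisory describes (108 repeated bytes). */
#define POC_PAYLOAD_LEN 108

/* Assumed layout of a site-info record: two fixed-size fields back to back. */
struct site_info {
    char host[SITE_FIELD_MAX];
    char user[SITE_FIELD_MAX];
};

/* Vulnerable pattern: the pasted field value is copied with no length
 * check. With SITE_FIELD_MAX == 64, any input of 64 or more bytes writes
 * past host[]; a 108-byte input, as in the PoC, runs on into user[] and
 * whatever follows the struct. Shown for contrast only; never call it
 * with untrusted input. */
void set_host_unchecked(struct site_info *s, const char *input)
{
    strcpy(s->host, input);
}

/* Returns nonzero when an unchecked copy of input into a field of
 * field_max bytes (terminator included) would overflow it. */
int would_overflow(size_t field_max, const char *input)
{
    return strlen(input) >= field_max;
}

/* Hardened pattern (SI-10, input validation): reject anything that does
 * not fit, then copy with an explicit bound. Returns 0 on success and -1
 * when the input is rejected, so the caller can report a validation
 * error instead of crashing (the error-handling control above). */
int set_host_checked(struct site_info *s, const char *input)
{
    size_t n = strlen(input);
    if (n == 0 || n >= SITE_FIELD_MAX)
        return -1;
    memcpy(s->host, input, n);
    s->host[n] = '\0';
    return 0;
}

/* Builds the advisory's style of payload: n copies of byte c plus a
 * terminator. out must hold at least n + 1 bytes. Returns n, or 0 when
 * out is too small. */
size_t make_repeated_payload(char *out, size_t cap, char c, size_t n)
{
    if (cap < n + 1)
        return 0;
    memset(out, (unsigned char)c, n);
    out[n] = '\0';
    return n;
}

int main(void)
{
    char payload[POC_PAYLOAD_LEN + 1];
    struct site_info s;

    memset(&s, 0, sizeof s);
    make_repeated_payload(payload, sizeof payload, 'A', POC_PAYLOAD_LEN);

    printf("payload length %zu, field width %d, unchecked copy overflows: %s\n",
           strlen(payload), SITE_FIELD_MAX,
           would_overflow(SITE_FIELD_MAX, payload) ? "yes" : "no");
    printf("checked setter on payload: %s\n",
           set_host_checked(&s, payload) == 0 ? "accepted" : "rejected");
    printf("checked setter on a normal host: %s\n",
           set_host_checked(&s, "ftp.example.test") == 0 ? "accepted" : "rejected");
    return 0;
}
```

The length check happens before any byte is copied, and the rejection is a return value rather than a crash, which is the difference between the two controls: SI-10 keeps the oversized value out of the buffer, and graceful error handling turns the rejection into a message the user sees instead of a terminated process.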

References

Exploit-DB 48262, proof of concept: https://www.exploit-db.com/exploits/48262
VulnCheck advisory, site info denial of service: https://www.vulncheck.com/advisories/odin-secure-ftp-expert-site-info-denial-of-service
Software download, version 7.6.3: http://tr.oldversion.com/windows/odin-secure-ftp-expert-7-6-3