Vulnerability-Lookup - Search a vulnerability

Refine your search

Product

Sort by

Order

Sources

1 vulnerability found for by Fetch Softworks

CVE-2022-50799 (GCVE-0-2022-50799)

Vulnerability from cvelistv5

Published

2025-12-30 22:41

Modified

2025-12-30 22:41

Severity ?

7.1 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Summary

Fetch FTP Client 5.8.2 contains a denial of service vulnerability that allows attackers to trigger 100% CPU consumption by sending long server responses. Attackers can send specially crafted FTP server responses exceeding 2K bytes to cause excessive resource utilization and potentially crash the application.

References

URL

Tags

	https://www.exploit-db.com/exploits/50696	exploit
	https://www.fetchsoftworks.com	product
	https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5696.php	third-party-advisory
	https://www.vulncheck.com/advisories/fetch-softworks-fetch-ftp-client-remote-cpu-consumption-denial-of-service	third-party-advisory

Impacted products

	Vendor	Product	Version
	Fetch Softworks	Fetch Softworks Fetch FTP Client	Version: 5.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "product": "Fetch Softworks Fetch FTP Client",
          "vendor": "Fetch Softworks",
          "versions": [
            {
              "status": "affected",
              "version": "5.8"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
        }
      ],
      "datePublic": "2022-01-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Fetch FTP Client 5.8.2 contains a denial of service vulnerability that allows attackers to trigger 100% CPU consumption by sending long server responses. Attackers can send specially crafted FTP server responses exceeding 2K bytes to cause excessive resource utilization and potentially crash the application."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS"
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-30T22:41:40.340Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "ExploitDB-50696",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/50696"
        },
        {
          "name": "Fetch Softworks Product Homepage",
          "tags": [
            "product"
          ],
          "url": "https://www.fetchsoftworks.com"
        },
        {
          "name": "Zero Science Lab Disclosure (ZSL-2022-5696)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5696.php"
        },
        {
          "name": "VulnCheck Advisory: Fetch Softworks Fetch FTP Client 5.8.2 Remote CPU Consumption Denial of Service",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/fetch-softworks-fetch-ftp-client-remote-cpu-consumption-denial-of-service"
        }
      ],
      "title": "Fetch Softworks Fetch FTP Client 5.8.2 Remote CPU Consumption Denial of Service",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2022-50799",
    "datePublished": "2025-12-30T22:41:40.340Z",
    "dateReserved": "2025-12-27T13:53:29.754Z",
    "dateUpdated": "2025-12-30T22:41:40.340Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}