← Retour aux CVEs
CVE-2019-25588
MEDIUM6.2
Description
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Attackers can enable the DNS Address option in the Firewall settings and paste a buffer of 700 bytes to trigger a crash when the Test function is invoked.
Details CVE
Score CVSS v3.16.2
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie3/22/2026
Derniere modification3/25/2026
Sourcenvd
Observations honeypot0
Produits affectes
bpftpserver:bulletproof_ftp_server
Faiblesses (CWE)
CWE-1282
References
http://bpftpserver.com/(disclosure@vulncheck.com)
http://bpftpserver.com/products/bpftpserver/windows/download(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/46875(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/bulletproof-ftp-server-denial-of-service-via-dns-address(disclosure@vulncheck.com)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.