CVE-2019-25587

Summary

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessively long string value. Attackers can enable the Override Storage-Path setting and paste a buffer of 500 bytes or more to trigger an application crash when saving the configuration.

Affected Software

VendorProductVersion RangeStatus
BpftpserverBulletProof FTP Server2019.0.0.50affected

Weaknesses

  • CWE-1282: Assumed-Immutable Data is Stored in Writable Memory

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References