← back
CVE-2018-25234

SmartFTP Client 9.0.2615.0 Denial of Service via Host Field

CVSS 6.9 MEDIUMEPSS 0.2%CWE-466
SmartFTP Client 9.0.2615.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can paste a buffer of 300 repeated characters into the Host connection parameter to trigger an application crash.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected products
Smartftp · SmartFTP Client
public PoCs found1
cve_referencewww.exploit-db.com/exploits/45759unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.exploit-db.com/exploits/45759https://www.smartftp.com/en-us/https://www.smartftp.com/en-us/downloadhttps://www.vulncheck.com/advisories/smartftp-client-denial-of-service-via-host-field