CVE-2019-25654

Core FTP/SFTP Server 1.2 Denial of Service via Buffer Overflow

CVSS 8.7 HIGHEPSS 0.7%CWE-787

Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that allows attackers to crash the service by supplying an excessively long string in the User domain field. Attackers can paste a malicious payload containing 7000 bytes of data into the domain configuration to trigger an application crash and deny service.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected products

Coreftp · Core FTP/SFTP Server

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/46371unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.exploit-db.com/exploits/46371 https://www.vulncheck.com/advisories/core-ftp-sftp-server-denial-of-service-via-buffer-overflow http://www.coreftp.com/http://www.coreftp.com/server/download/archive/CoreFTPServer589.42.exe