PT-2026-29020 · Smartftp · Smartftp
Published
2026-03-30
·
Updated
2026-04-08
·
CVE-2018-25234
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
SmartFTP Client version 9.0.2615.0
Description
SmartFTP Client version 9.0.2615.0 contains a denial of service issue that allows local attackers to crash the application by providing an excessively long string in the Host field. Attackers can paste a buffer of 300 repeated characters into the Host connection parameter to trigger an application crash.
Recommendations
Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, avoid using excessively long strings in the Host field.
Exploit
Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Smartftp