CVE-2019-25686

CVSS v3.1

7.5

High

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Core FTP 2.0 build 653 contains a denial of service vulnerability in the PBSZ command that allows unauthenticated attackers to crash the service by sending a malformed command with an oversized buffer. Attackers can send a PBSZ command with a payload exceeding 211 bytes to trigger an access violation and crash the FTP server process.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2019-25686

Affected Products

Core Ftp

CVE-2019-25686

Weakness Enumeration

Related Identifiers

Affected Products

References · 5