CVE-2019-25588

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

6.2 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H                                    

Vulnerability Description

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Attackers can enable the DNS Address option in the Firewall settings and paste a buffer of 700 bytes to trigger a crash when the Test function is invoked.

Vulnerability Details

Published Date

March 22, 2026

Last Modified

March 25, 2026

CWE ID

CWE-1282

Source

NVD

Vendor

Bpftpserver

Product

BulletProof FTP Server

External References

http://bpftpserver.com/
http://bpftpserver.com/products/bpftpserver/windows/download
https://www.exploit-db.com/exploits/46875
https://www.vulncheck.com/advisories/bulletproof-ftp-server-denial-of-service-via-dns-address

CVE-2019-25588

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment