CVE-2019-25654

EUVD-2019-20046
Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that allows attackers to crash the service by supplying an excessively long string in the User domain field. Attackers can paste a malicious payload containing 7000 bytes of data into the domain configuration to trigger an application crash and deny service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
Affected Products (NVD)
VendorProductVersion
coreftpcore_ftp
1.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.coreftp.com/
http://www.coreftp.com/server/download/archive/CoreFTPServer589.42.exe
https://www.exploit-db.com/exploits/46371
https://www.vulncheck.com/advisories/core-ftp-sftp-server-denial-of-service-via-buffer-overflow