BulletProof FTP Server Denial-of-Service Vulnerability in SMTP Configuration Interface

Vulnerability

A denial-of-service vulnerability has been identified in BulletProof FTP Server version 2019.0.0.50. The issue resides in the SMTP configuration interface, where a local attacker can crash the application by supplying an oversized string. Specifically, a buffer of 257 'A' characters can be entered into the SMTP Server field. When the Test button is clicked, the application crashes.

Impact

Exploitation of this vulnerability leads to a crash of the BulletProof FTP Server application, causing a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by entering 257 'A' characters into the SMTP Server field of the SMTP configuration interface. After the oversized string is pasted, clicking the Test button crashes the application.
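
A defensive sketch for the field described above, added here as an example and not BulletProof FTP Server code: a 257-character value is already longer than any legal DNS hostname (253 characters in text form), so it can be rejected before it reaches the SMTP test routine. The function name validate_smtp_host, the buffer sizes and the sample inputs are assumptions; the page does not describe the application's internals.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HOST_MAX  253  /* longest legal DNS hostname in text form */
#define LABEL_MAX 63   /* longest legal DNS label */

/* Hypothetical helper (not from the product): returns 0 and copies the host
 * into out, or -1 if the value is not a plausible hostname or will not fit. */
int validate_smtp_host(const char *in, char *out, size_t outlen)
{
    size_t len, i, label = 0;
    if (in == NULL || out == NULL || outlen == 0)
        return -1;
    /* Bounded scan: stop counting as soon as the limit is exceeded. */
    for (len = 0; len <= HOST_MAX && in[len] != '\0'; len++)
        ;
    if (len == 0 || len > HOST_MAX || len >= outlen)
        return -1;
    for (i = 0; i < len; i++) {
        char c = in[i];
        int alnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                    (c >= '0' && c <= '9');
        if (c == '.') {
            if (label == 0)          /* leading or doubled dot */
                return -1;
            label = 0;
        } else if (alnum || c == '-') {
            if (++label > LABEL_MAX) /* label too long */
                return -1;
        } else {
            return -1;               /* character not valid in a hostname */
        }
    }
    if (label == 0)                  /* trailing dot, rejected for simplicity */
        return -1;
    memcpy(out, in, len + 1);        /* len < outlen, so the NUL fits too */
    return 0;
}

int main(void)
{
    char field[258], host[HOST_MAX + 1];
    memset(field, 'A', 257);         /* constructed input matching the report */
    field[257] = '\0';
    printf("257 x 'A': %d\n", validate_smtp_host(field, host, sizeof host));
    printf("smtp.example.com: %d\n", validate_smtp_host("smtp.example.com", host, sizeof host));
    return 0;
}
```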

Added: Mar 30, 2026, 12:24 PM
Updated: Mar 30, 2026, 12:24 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 4.9
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.