SmartFTP Client Denial-of-Service Vulnerability
Vulnerability
Multiple denial-of-service vulnerabilities have been identified in SmartFTP Client version 10.0.2909.0. These vulnerabilities allow attackers to crash the application by manipulating input in specific ways. Crashes can be triggered by entering malformed file paths, using invalid IP addresses, or clearing the connection history within the application's interface.
Impact
Exploiting these vulnerabilities leads to crashes of the SmartFTP Client application, causing it to become unresponsive or terminate unexpectedly.
Reproduction
The denial-of-service vulnerability can be reproduced by following these steps:

1. Open SmartFTP and initiate a new connection using FTPS (explicit).
2. Enter an unreachable IP address, such as 255.255.255.255, in the FTP server field.
3. In the path field, paste a generated string that includes a large number of characters (over 423) to simulate a malformed path.
4. Click 'OK' to establish the connection, which will result in the application crashing.

Alternatively, the vulnerability can be reproduced by clearing the connection history and then typing in the 'New Connection' bar, which also causes the application to crash.
