Cobian Reflector Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in Cobian Reflector version 0.9.93 RC1. The issue allows attackers to crash the application by overflowing the password input field: during the configuration of an SFTP task, a large buffer of approximately 8000 bytes can be pasted into the password field, causing the application to crash.
Impact
Exploiting this vulnerability causes the application to crash, disrupting any ongoing tasks or processes within Cobian Reflector.
Reproduction
To reproduce this vulnerability, first create a text file containing a buffer of 8000 bytes. This can be done using a simple Python script that writes the buffer to a file. After generating the buffer, open Cobian Reflector and create a new SFTP task. When prompted for the password, paste the contents of the text file into the password field. When the settings are then tested, the application crashes.
