Bftpd Project
Recent CVEs (9)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-16892 | | Hig | 0.49 | 7.5 | 0.01 | | Nov 19, 2017 | In Bftpd before 4.7, there is a memory leak in the file rename function. |
| CVE-2025-11947 | | Med | 0.29 | 4.5 | 0.00 | | Oct 19, 2025 | A weakness has been identified in bftpd up to 6.2. Impacted is the function expand_groups of the file options.c of the component Configuration File Handler. Executing a manipulation can lead to heap-based buffer overflow. It is possible to launch the attack on the local host.… |
| CVE-2020-6835 | | | 0.00 | — | 0.02 | | Jan 10, 2020 | An issue was discovered in Bftpd before 5.4. There is a heap-based off-by-one error during file-transfer error checking. |
| CVE-2020-6162 | | | 0.00 | — | 0.02 | | Jan 10, 2020 | An issue was discovered in Bftpd 5.3. Under certain circumstances, an out-of-bounds read is triggered due to an uninitialized value. The daemon crashes at startup in the hidegroups_init function in dirlist.c. |
| CVE-2009-4593 | | | 0.00 | — | 0.01 | | Jan 7, 2010 | The bftpdutmp_log function in bftpdutmp.c in Bftpd before 2.4 does not place a '\0' character at the end of the string value of the ut.bu_host structure member, which might allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors. NOTE: some of… |
| CVE-2007-2051 | | | 0.00 | — | 0.01 | | Apr 16, 2007 | Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable. |
| CVE-2007-2010 | | | 0.00 | — | 0.02 | | Apr 12, 2007 | Double free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command. |
| CVE-2001-0065 | | | 0.00 | — | 0.05 | | Feb 12, 2001 | Buffer overflow in bftpd 1.0.13 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long SITE CHOWN command. |
| CVE-2000-0943 | | | 0.00 | — | 0.04 | | Dec 19, 2000 | Buffer overflow in bftp daemon (bftpd) 1.0.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long USER command. |