VYPR
Vendor: Bftpd Project

Products: 1
CVEs: 9
Across products: 9
Status: Private

Recent CVEs (9)

  • CVE-2017-16892 | High | Nov 19, 2017
    risk 0.49 | cvss 7.5 | epss 0.01

    In Bftpd before 4.7, there is a memory leak in the file rename function.

  • CVE-2025-11947 | Medium | Oct 19, 2025
    risk 0.29 | cvss 4.5 | epss 0.00

    A weakness has been identified in bftpd up to 6.2. Impacted is the function expand_groups of the file options.c of the component Configuration File Handler. Executing a manipulation can lead to heap-based buffer overflow. It is possible to launch the attack on the local host.…

  • CVE-2020-6835 | Jan 10, 2020
    risk 0.00 | cvss (not listed) | epss 0.02

    An issue was discovered in Bftpd before 5.4. There is a heap-based off-by-one error during file-transfer error checking.

  • CVE-2020-6162 | Jan 10, 2020
    risk 0.00 | cvss (not listed) | epss 0.02

    An issue was discovered in Bftpd 5.3. Under certain circumstances, an out-of-bounds read is triggered due to an uninitialized value. The daemon crashes at startup in the hidegroups_init function in dirlist.c.

  • CVE-2009-4593 | Jan 7, 2010
    risk 0.00 | cvss (not listed) | epss 0.01

    The bftpdutmp_log function in bftpdutmp.c in Bftpd before 2.4 does not place a '\0' character at the end of the string value of the ut.bu_host structure member, which might allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors. NOTE: some of…

  • CVE-2007-2051 | Apr 16, 2007
    risk 0.00 | cvss (not listed) | epss 0.01

    Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable.

  • CVE-2007-2010 | Apr 12, 2007
    risk 0.00 | cvss (not listed) | epss 0.02

    Double free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command.

  • CVE-2001-0065 | Feb 12, 2001
    risk 0.00 | cvss (not listed) | epss 0.05

    Buffer overflow in bftpd 1.0.13 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long SITE CHOWN command.

  • CVE-2000-0943 | Dec 19, 2000
    risk 0.00 | cvss (not listed) | epss 0.04

    Buffer overflow in bftp daemon (bftpd) 1.0.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long USER command.