Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.9
BulletProof FTP Server 2019.0.0.50 Crashes with Invalid Configuration Input
CVE-2019-25587
Summary
A bug in BulletProof FTP Server 2019 allows an attacker with local access to crash the application by entering an extremely long value in the Storage-Path configuration setting. This could be exploited by a malicious user with access to the server to disrupt its operation. To fix the issue, update to a patched version of the software.
Original title
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excess...
Original description
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessively long string value. Attackers can enable the Override Storage-Path setting and paste a buffer of 500 bytes or more to trigger an application crash when saving the configuration.
nvd CVSS3.1
6.2
nvd CVSS4.0
6.9
Vulnerability type
CWE-1282
Published: 22 Mar 2026 · Updated: 22 Mar 2026 · First seen: 22 Mar 2026