ALT-PU-2019-2210-2
Closed vulnerabilities
Published: 2026-04-05
Modified: 2026-04-09
Modified: 2026-04-09
CVE-2019-25683
FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying a malformed path string. Attackers can trigger the crash by entering a crafted path containing 384 'A' characters followed by 'BBBB' and 'CCCC' sequences in the search directory field and initiating a local search operation.
Severity: MEDIUM (5.5)Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM (6.9)Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References:
Published: 2019-04-29
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-5429
Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory.
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (7.8)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- https://lists.debian.org/debian-lts-announce/2022/05/msg00037.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7WUJWTJA55ILACKLTJFSQUYEBHVYENL/
- https://security.gentoo.org/glsa/202007-51
- https://svn.filezilla-project.org/filezilla?view=revision&revision=9112
- https://www.tenable.com/security/research/tra-2019-14
- https://lists.debian.org/debian-lts-announce/2022/05/msg00037.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7WUJWTJA55ILACKLTJFSQUYEBHVYENL/
- https://security.gentoo.org/glsa/202007-51
- https://svn.filezilla-project.org/filezilla?view=revision&revision=9112
- https://www.tenable.com/security/research/tra-2019-14