Total vulnerabilities in the database
The bftpdutmp_log function in bftpdutmp.c in Bftpd before 2.4 does not place a '\0' character at the end of the string value of the ut.bu_host structure member, which might allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors. NOTE: some of these details are obtained from third party information.
| Software | From | Fixed in |
|---|---|---|
| jesse_smith / bftpd | - | 2.3.x |
| jesse_smith / bftpd | 1.6 | 1.6.x |
| jesse_smith / bftpd | 1.7.2 | 1.7.2.x |
| jesse_smith / bftpd | 1.8 | 1.8.x |
| jesse_smith / bftpd | 2.1.2 | 2.1.2.x |
| jesse_smith / bftpd | 2.2.1 | 2.2.1.x |
| jesse_smith / bftpd | 2.0.3 | 2.0.3.x |
| jesse_smith / bftpd | 2.1 | 2.1.x |
| jesse_smith / bftpd | 1.7 | 1.7.x |
| jesse_smith / bftpd | 2.2 | 2.2.x |
| jesse_smith / bftpd | 2.0.2 | 2.0.2.x |
| jesse_smith / bftpd | 2.1.1 | 2.1.1.x |