{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2018-25234", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-30T11:00:13.926Z", "datePublished": "2026-03-30T11:02:25.501Z", "dateUpdated": "2026-04-01T18:06:41.161Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-30T11:02:25.501Z"}, "datePublic": "2018-10-30T00:00:00.000Z", "title": "SmartFTP Client 9.0.2615.0 Denial of Service via Host Field", "descriptions": [{"lang": "en", "value": "SmartFTP Client 9.0.2615.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can paste a buffer of 300 repeated characters into the Host connection parameter to trigger an application crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Return of Pointer Value Outside of Expected Range", "cweId": "CWE-466", "type": "CWE"}]}], "affected": [{"vendor": "Smartftp", "product": "SmartFTP Client", "versions": [{"version": "9.0.2615.0", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/45759", "name": "ExploitDB-45759", "tags": ["exploit"]}, {"url": "https://www.smartftp.com/en-us/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.smartftp.com/en-us/download", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: SmartFTP Client 9.0.2615.0 Denial of Service via Host Field", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/smartftp-client-denial-of-service-via-host-field"}], "credits": [{"lang": "en", "value": "Victor Mondrag\u00f3n", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T18:06:24.903241Z", "id": "CVE-2018-25234", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:06:41.161Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2018-25234", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-01T18:06:24.903241Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:06:34.306Z"}}], "cna": {"title": "SmartFTP Client 9.0.2615.0 Denial of Service via Host Field", "credits": [{"lang": "en", "type": "finder", "value": "Victor Mondrag\u00f3n"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Smartftp", "product": "SmartFTP Client", "versions": [{"status": "affected", "version": "9.0.2615.0"}]}], "datePublic": "2018-10-30T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/45759", "name": "ExploitDB-45759", "tags": ["exploit"]}, {"url": "https://www.smartftp.com/en-us/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.smartftp.com/en-us/download", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/smartftp-client-denial-of-service-via-host-field", "name": "VulnCheck Advisory: SmartFTP Client 9.0.2615.0 Denial of Service via Host Field", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "SmartFTP Client 9.0.2615.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can paste a buffer of 300 repeated characters into the Host connection parameter to trigger an application crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-466", "description": "Return of Pointer Value Outside of Expected Range"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-30T11:02:25.501Z"}}}, "cveMetadata": {"cveId": "CVE-2018-25234", "state": "PUBLISHED", "dateUpdated": "2026-04-01T18:06:41.161Z", "dateReserved": "2026-03-30T11:00:13.926Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-30T11:02:25.501Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:smartftp:smartftp:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCBEDBBB-E8AF-4D4D-8F3F-26B31BAB5ABA", "versionEndIncluding": "9.0.2615.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SmartFTP Client 9.0.2615.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can paste a buffer of 300 repeated characters into the Host connection parameter to trigger an application crash."}, {"lang": "es", "value": "SmartFTP Cliente 9.0.2615.0 contiene una vulnerabilidad de denegaci\u00f3n de servicio que permite a atacantes locales bloquear la aplicaci\u00f3n al proporcionar una cadena excesivamente larga en el campo Host. Los atacantes pueden pegar un b\u00fafer de 300 caracteres repetidos en el par\u00e1metro de conexi\u00f3n Host para provocar un bloqueo de la aplicaci\u00f3n."}], "id": "CVE-2018-25234", "lastModified": "2026-04-08T16:37:56.523", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-30T12:16:17.510", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/45759"}, {"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://www.smartftp.com/en-us/"}, {"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://www.smartftp.com/en-us/download"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/smartftp-client-denial-of-service-via-host-field"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-466"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.0.2615.0"}}], "enrichment": {"confidence": 83.0, "confidence_source": "matching", "scores": [{"score": 83.0, "source": "matching"}]}, "original": {"product": "SmartFTP Client", "source": "cna", "vendor": "Smartftp"}, "product": "smartftp", "vendor": "smartftp"}], "analysis": {"en": {"generated_at": "2026-04-08T17:55:38.807816+00:00", "value": {"mitigation_remediation": ["Update SmartFTP Client to the latest version that addresses the Host field validation flaw", "If an update is unavailable, remove or restrict local users\u2019 access to SmartFTP Client to prevent the adverse effect", "Restart the application after any accidental crash and monitor the system for repeated denial\u2011of\u2011service incidents"], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects SmartFTP Client version 9.0.2615.0 from the vendor Smartftp. No other versions are noted in the provided data.", "description_and_impact": "SmartFTP Client version 9.0.2615.0 contains a denial\u2011of\u2011service vulnerability that allows local users to crash the application by entering an excessively long string in the Host field. This buffer\u2011under\u2011validation flaw triggers an application crash when a Host value of 300 repeated characters is supplied, leading to an interruption of services for users relying on the client. The weakness is categorized as CWE\u2011466, reflecting inadequate input validation. There is no evidence of broader compromise such as code execution or data theft.", "risk_and_exploitability": "The CVSS score of 6.9 indicates medium severity, while the EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, further reducing the likelihood of active exploitation. The attack vector inferred from the description is local, requiring an attacker to have access to the system on which SmartFTP is running. Exploitation causes a client crash but does not elevate privileges or expose sensitive data, limiting the impact primarily to service availability on the affected host."}}}}, "created": "2026-03-30T20:55:50.393315+00:00", "updated": "2026-04-08T20:00:41.594372+00:00", "vendors": ["smartftp", "smartftp$PRODUCT$smartftp"]}