Description

A weakness has been identified in bftpd up to 6.2. It affects the function expand_groups in the file options.c of the component Configuration File Handler. Manipulation can lead to a heap-based buffer overflow. The attack has to be launched on the local host. Attacks of this nature are highly complex, and exploitability is considered difficult. The exploit has been made available to the public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been discovered in bftpd up to 6.2. It affects the function expand_groups of the file options.c of the component Configuration File Handler. The manipulation causes a heap-based buffer overflow. The attack has to happen locally. An attack requires comparatively high complexity. It is considered difficult to exploit. The vulnerability has been publicly disclosed and could be exploited.

PUBLISHED Reserved 2025-10-19 | Published 2025-10-19 | Updated 2025-10-20 | Assigner VulDB




LOW: 2.0 | CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 4.5 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
MEDIUM: 4.5 | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3.5 | AV:L/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

Problem types

Heap-based Buffer Overflow

Memory Corruption

Timeline

2025-10-19: Advisory disclosed
2025-10-19: VulDB entry created
2025-10-19: VulDB entry last update

Credits

zh_vul (VulDB User) reporter

References

vuldb.com/?id.329027 (VDB-329027 | bftpd Configuration File options.c expand_groups heap-based overflow) vdb-entry technical-description

vuldb.com/?ctiid.329027 (VDB-329027 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.673133 (Submit #673133 | bftpd Project bftpd FTP Server 6.2 Heap-based Buffer Overflow) third-party-advisory

shimo.im/docs/rp3OMVMZZXc9lvkm/ exploit

cve.org (CVE-2025-11947)

nvd.nist.gov (CVE-2025-11947)