CVE-2021-47791
BaseFortify
Publication date: 2026-01-16
Last updated on: 2026-01-16
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| smartftp | smartftp_client | 10.0.2909.0 |
| smartftp | smartftp_client | 10.0.3305.0 |
| smartftp | smartftp_client | 10.0.3038.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects SmartFTP Client version 10.0.2909.0 and consists of multiple denial of service (DoS) issues. Attackers can cause the application to crash by manipulating specific inputs such as malformed file paths, invalid IP addresses, or by clearing the connection history in the client interface. The crashes occur due to improper resource allocation without limits or throttling, leading to resource exhaustion when handling unexpected or malformed input. [2, 3]
How can this vulnerability impact me?
The impact of this vulnerability is a denial of service condition where the SmartFTP Client application crashes and becomes unavailable. This can disrupt file transfer operations and cause loss of productivity or interruption of service for users relying on the SmartFTP Client. Since the attack requires local access and user interaction, the risk is limited but can still cause inconvenience or operational issues. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to reproduce the crash conditions described in the exploits. For example, you can try to create a new FTPS connection in SmartFTP Client version 10.0.2909.0 and enter malformed paths such as a string starting with "//" followed by many characters, or use invalid IP addresses like 255.255.255.255. Additionally, clearing the connection history and then entering any input can trigger the crash. There are no specific network commands provided, but testing these input manipulations within the SmartFTP client interface can help detect the vulnerability. [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading the SmartFTP Client to a newer version beyond 10.0.2909.0 where these vulnerabilities are fixed. Avoid entering malformed paths, invalid IP addresses, or clearing connection history in the client interface until the update is applied. Monitoring and restricting user input to the SmartFTP client can also help reduce the risk of triggering these denial of service conditions. [1, 2]