CVE-2021-47791
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-16

Last updated on: 2026-01-16

Assigner: VulnCheck

Description
SmartFTP Client 10.0.2909.0 contains multiple denial of service vulnerabilities that allow attackers to crash the application through specific input manipulation. Attackers can trigger crashes by entering malformed paths, using invalid IP addresses, or clearing connection history in the client's interface.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-16
Last Modified
2026-01-16
Generated
2026-06-16
AI Q&A
2026-01-16
EPSS Evaluated
2026-06-14
NVD
CVE-2021-47791
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
smartftp smartftp_client 10.0.2909.0
smartftp smartftp_client 10.0.3305.0
smartftp smartftp_client 10.0.3038.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects SmartFTP Client version 10.0.2909.0 and consists of multiple denial of service (DoS) issues. Attackers can cause the application to crash by manipulating specific inputs such as malformed file paths, invalid IP addresses, or by clearing the connection history in the client interface. The crashes occur due to improper resource allocation without limits or throttling, leading to resource exhaustion when handling unexpected or malformed input. [2, 3]

Impact Analysis

The impact of this vulnerability is a denial of service condition where the SmartFTP Client application crashes and becomes unavailable. This can disrupt file transfer operations and cause loss of productivity or interruption of service for users relying on the SmartFTP Client. Since the attack requires local access and user interaction, the risk is limited but can still cause inconvenience or operational issues. [2, 3]

Detection Guidance

This vulnerability can be detected by attempting to reproduce the crash conditions described in the exploits. For example, you can try to create a new FTPS connection in SmartFTP Client version 10.0.2909.0 and enter malformed paths such as a string starting with "//" followed by many characters, or use invalid IP addresses like 255.255.255.255. Additionally, clearing the connection history and then entering any input can trigger the crash. There are no specific network commands provided, but testing these input manipulations within the SmartFTP client interface can help detect the vulnerability. [3]

Mitigation Strategies

Immediate mitigation steps include upgrading the SmartFTP Client to a newer version beyond 10.0.2909.0 where these vulnerabilities are fixed. Avoid entering malformed paths, invalid IP addresses, or clearing connection history in the client interface until the update is applied. Monitoring and restricting user input to the SmartFTP client can also help reduce the risk of triggering these denial of service conditions. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47791. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart