CVE-2019-25587
Received - Intake
Denial of Service via Buffer Overflow in BulletProof FTP Server

Publication date: 2026-03-22

Last updated on: 2026-03-25

Assigner: VulnCheck

Description
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessively long string value. Attackers can enable the Override Storage-Path setting and paste a buffer of 500 bytes or more to trigger an application crash when saving the configuration.
Meta Information
Published: 2026-03-22
Last Modified: 2026-03-25
Generated: 2026-05-27
AI Q&A: 2026-03-22
EPSS Evaluated: 2026-05-25
Affected Vendors & Products
Vendor        Product                  Version / Range
bpftpserver   bulletproof_ftp_server   2019.0.0.50
CWE ID Description
CWE-1282 Immutable data, such as a first-stage bootloader, device identifiers, and "write-once" configuration settings are stored in writable memory that can be re-programmed or updated in the field.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2019-25587 is a denial of service (DoS) vulnerability in BulletProof FTP Server version 2019.0.0.50. It occurs due to improper input validation in the Storage-Path configuration parameter. A local attacker can enable the "Override Storage-Path" setting and input an excessively long string (500 bytes or more), which causes the application to crash when saving the configuration.

This vulnerability exploits the fact that the server does not properly handle very long strings in the storage path setting, leading to a crash and disruption of service. [1, 2]


How can this vulnerability impact me?

This vulnerability can impact you by causing a denial of service condition on the BulletProof FTP Server. An attacker with local access can crash the FTP server application by supplying a long string in the storage path configuration, making the server unavailable to legitimate users.

The impact is primarily on availability, as the server stops functioning properly until it is restarted or the configuration is corrected.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by attempting to reproduce the denial of service condition on the BulletProof FTP Server 2019.0.0.50 by using a proof-of-concept exploit.

1. Run the Python script `BulletProof_Storage_Server_2019.0.0.50.py` to generate a payload file named `bullet_storage.txt` containing 500 'A' characters.
2. Copy the contents of `bullet_storage.txt` to the clipboard.
3. Open BulletProof FTP Server, navigate to Settings > Advanced, enable the 'Override Storage-Path' setting, and paste the clipboard content.
4. Save the configuration; if the server crashes, the vulnerability is present.

[1]


What immediate steps should I take to mitigate this vulnerability?

I don't know

