Vulnerability Details : CVE-2009-4593
The bftpdutmp_log function in bftpdutmp.c in Bftpd before 2.4 does not place a '\0' character at the end of the string value of the ut.bu_host structure member, which might allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors. NOTE: some of these details are obtained from third party information.
Vulnerability category: Denial of service
Threat overview for CVE-2009-4593
Top countries where our scanners detected CVE-2009-4593
Top open port discovered on systems with this issue
21
IPs affected by CVE-2009-4593 509,470
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2009-4593!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2009-4593
Probability of exploitation activity in the next 30 days: 0.44%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 74 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2009-4593
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
References for CVE-2009-4593
Products affected by CVE-2009-4593
- cpe:2.3:a:jesse_smith:bftpd:*:*:*:*:*:*:*:*
- cpe:2.3:a:jesse_smith:bftpd:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:jesse_smith:bftpd:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:jesse_smith:bftpd:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:jesse_smith:bftpd:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:jesse_smith:bftpd:1.8:*:*:*:*:*:*:*
- cpe:2.3:a:jesse_smith:bftpd:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:jesse_smith:bftpd:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:jesse_smith:bftpd:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:jesse_smith:bftpd:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:jesse_smith:bftpd:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:jesse_smith:bftpd:1.6:*:*:*:*:*:*:*