{"id":"UBUNTU-CVE-2019-25683","details":"FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying a malformed path string. Attackers can trigger the crash by entering a crafted path containing 384 'A' characters followed by 'BBBB' and 'CCCC' sequences in the search directory field and initiating a local search operation.","modified":"2026-05-20T16:03:51.411397087Z","published":"2026-04-05T21:16:00Z","upstream":["CVE-2019-25683"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-25683"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2019-25683"},{"type":"REPORT","url":"https://filezilla-project.org"},{"type":"REPORT","url":"https://www.exploit-db.com/exploits/46484"},{"type":"REPORT","url":"https://www.vulncheck.com/advisories/filezilla-denial-of-service-via-local-search"}],"affected":[{"package":{"name":"filezilla","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/filezilla?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.12.0.2-1ubuntu2","3.14.1-1ubuntu1","3.15.0.2-0ubuntu1","3.15.0.2-1ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_name":"filezilla","binary_version":"3.15.0.2-1ubuntu1"},{"binary_name":"filezilla-common","binary_version":"3.15.0.2-1ubuntu1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-25683.json"}},{"package":{"name":"filezilla","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/filezilla?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.27.0~rc1-1","3.28.0-1"],"ecosystem_specific":{"binaries":[{"binary_name":"filezilla","binary_version":"3.28.0-1"},{"binary_name":"filezilla-common","binary_version":"3.28.0-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-25683.json"}},{"package":{"name":"filezilla","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/filezilla?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.39.0-2","3.45.1-3","3.45.1-3build1","3.46.3-1~build1","3.46.3-1","3.46.3-1build1","3.46.3-1ubuntu0.1"],"ecosystem_specific":{"binaries":[{"binary_name":"filezilla","binary_version":"3.46.3-1ubuntu0.1"},{"binary_name":"filezilla-common","binary_version":"3.46.3-1ubuntu0.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-25683.json"}},{"package":{"name":"filezilla","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/filezilla?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.52.2-3","3.56.0-1","3.56.2-1","3.57.0-1","3.57.0-1build1","3.58.0-1","3.58.0-1ubuntu0.1"],"ecosystem_specific":{"binaries":[{"binary_name":"filezilla","binary_version":"3.58.0-1ubuntu0.1"},{"binary_name":"filezilla-common","binary_version":"3.58.0-1ubuntu0.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-25683.json"}},{"package":{"name":"filezilla","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/filezilla?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.65.0-3","3.66.1-2","3.66.1-3","3.66.1-3.2","3.66.1-4","3.66.4-1","3.66.4-2","3.66.5-2","3.66.5-2build1","3.66.5-2build2"],"ecosystem_specific":{"binaries":[{"binary_name":"filezilla","binary_version":"3.66.5-2build2"},{"binary_name":"filezilla-common","binary_version":"3.66.5-2build2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-25683.json"}},{"package":{"name":"filezilla","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/filezilla?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.68.1-1","3.69.3-1"],"ecosystem_specific":{"binaries":[{"binary_name":"filezilla","binary_version":"3.69.3-1"},{"binary_name":"filezilla-common","binary_version":"3.69.3-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-25683.json"}},{"package":{"name":"filezilla","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/filezilla?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.69.3-1","3.69.5-1","3.69.6-1"],"ecosystem_specific":{"binaries":[{"binary_name":"filezilla","binary_version":"3.69.6-1"},{"binary_name":"filezilla-common","binary_version":"3.69.6-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-25683.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"type":"Ubuntu","score":"medium"}]}