FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying a malformed path string. Attackers can trigger the crash by entering a crafted path containing 384 'A' characters followed by 'BBBB' and 'CCCC' sequences in the search directory field and initiating a local search operation.
3.12.0.2-1ubuntu23.14.1-1ubuntu13.15.0.2-0ubuntu13.15.0.2-1ubuntu13.27.0~rc1-13.28.0-13.39.0-23.45.1-33.45.1-3build13.46.3-13.46.3-1build13.46.3-1ubuntu0.13.46.3-1~build13.52.2-33.56.0-13.56.2-13.57.0-13.57.0-1build13.58.0-13.58.0-1ubuntu0.13.65.0-33.66.1-23.66.1-33.66.1-3.23.66.1-43.66.4-13.66.4-23.66.5-23.66.5-2build13.66.5-2build23.68.1-13.69.3-13.69.3-13.69.5-13.69.6-1Exploitability
AV:LAC:LAT:NPR:NUI:NVulnerable System
VC:NVI:NVA:HSubsequent System
SC:NSI:NSA:NCVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N