CVE-2022-50687

Published: Dec 22, 2025Modified: Jan 5, 2026

6.9

Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: disclosure@vulncheck.com (Secondary)

Description

Cobian Backup 11 Gravity 11.2.0.582 contains a denial of service vulnerability in the FTP password input field that allows attackers to crash the application. Attackers can generate a specially crafted 800-byte buffer and paste it into the password field to trigger an application crash.

Affected (1)

Products: Cobiansoft: Backup 11

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cobiansoft Backup 11	Version 11.2.0.582

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (4)

https://www.cobiansoft.com/

Source: disclosure@vulncheck.com

Product

https://www.exploit-db.com/exploits/50790

Source: disclosure@vulncheck.com

ExploitThird Party Advisory

https://www.vulncheck.com/advisories/cobian-backup-gravity-local-denial-of-service-via-password-field

Source: disclosure@vulncheck.com

Third Party Advisory

https://www.exploit-db.com/exploits/50790

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.