Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-19269

Опубликовано: 30 нояб. 2019
Источник: debian
EPSS Низкий

Описание

An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
proftpd-dfsgfixed1.3.6b-2package
proftpd-dfsgfixed1.3.6-4+deb10u3busterpackage
proftpd-dfsgfixed1.3.5b-4+deb9u3stretchpackage

Примечания

  • https://github.com/proftpd/proftpd/issues/861

  • https://github.com/proftpd/proftpd/commit/81cc5dce4fc0285629a1b08a07a109af10c208dd (master)

  • https://github.com/proftpd/proftpd/commit/be8e1687819cb665359bd62b4c896ff4b1a09c3f (1.3.6 branch)

EPSS

Процентиль: 82%
0.0178
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2019-19269

CVSS3: 4.9
ubuntu
около 6 лет назад

An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.

nvd логотип

CVE-2019-19269

CVSS3: 4.9
nvd
около 6 лет назад

An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.

github логотип

GHSA-46rx-rvqp-8rxj

github
больше 3 лет назад

An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.

fstec логотип

BDU:2025-13443

CVSS3: 7.5
fstec
около 6 лет назад

Уязвимость FTP-сервера ProFTPD, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании

suse-cvrf логотип

openSUSE-SU-2020:0031-1

suse-cvrf
почти 6 лет назад

Security update for proftpd

EPSS

Процентиль: 82%
0.0178
Низкий