CVE-2020-9273

Опубликовано: 20 фев. 2020

Источник: debian

EPSS Средний

Описание

In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
proftpd-dfsg	fixed	1.3.6c-2		package

Примечания

https://github.com/proftpd/proftpd/issues/903
https://github.com/proftpd/proftpd/commit/d388f7904d4c9a6d0ea54237b8b54a57c19d8d49 (master)
https://github.com/proftpd/proftpd/commit/f8047a1ed0e0eb15193f555c4cbbb281e705c5c3 (master)
https://github.com/proftpd/proftpd/commit/e845abc1bd86eebec7a0342fded908a1b0f1996b (1.3.6c)
https://github.com/proftpd/proftpd/commit/cd9036f4ef7a05c107f0ffcb19a018b20267c531 (1.3.6-branch)

EPSS

Процентиль: 98%

0.6675

Средний

Связанные уязвимости

CVE-2020-9273

CVSS3: 8.8

ubuntu

почти 6 лет назад

In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.

CVE-2020-9273

CVSS3: 8.8

nvd

почти 6 лет назад

In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.

GHSA-j879-hg9w-v5qv

github

больше 3 лет назад

In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.

BDU:2020-05776

CVSS3: 8.8

fstec

почти 6 лет назад

Уязвимость реализации функции alloc_pool FTP-сервера ProFTPD, позволяющая нарушителю выполнить произвольный код

openSUSE-SU-2020:0273-1

suse-cvrf

больше 5 лет назад

Security update for proftpd

EPSS

Процентиль: 98%

0.6675

Средний