Описание
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.
Ссылки
- PatchThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Одно из
Одно из
EPSS
4.9 Medium
CVSS3
4 Medium
CVSS2
Дефекты
Связанные уязвимости
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A ...
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.
Уязвимость FTP-сервера ProFTPD, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
4.9 Medium
CVSS3
4 Medium
CVSS2