VulnerableCode Package Details - pkg:deb/ubuntu/proftpd-dfsg@1.3.6-6build2

Search for packages

Package details: pkg:deb/ubuntu/proftpd-dfsg@1.3.6-6build2

Essentials
History (0)

purl	pkg:deb/ubuntu/proftpd-dfsg@1.3.6-6build2

Next non-vulnerable version	1.3.6c-1
Latest non-vulnerable version	1.3.6c-1
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-hhjt-wqw4-aaak Aliases: CVE-2020-9273	In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.	1.3.6c-1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (3)

Vulnerability	Summary	Aliases
VCID-bgwf-hej6-aaac	An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.	CVE-2019-12815
VCID-ces2-asry-aaaj	An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries (installed by a system administrator), can cause some CRL entries to be ignored, and can allow clients whose certificates have been revoked to proceed with a connection to the server.	CVE-2019-19271
VCID-j4rj-fwju-aaaf	An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer (a variable initialized to NULL) leads to a crash when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.	CVE-2019-19272

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version