In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.
2020-02-20T16:15:11.950
2024-11-21T05:40:19.713
Modified
CVSSv3.1: 8.8 (HIGH)
AV:N/AC:L/Au:S/C:C/I:C/A:C
8.0
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | proftpd | proftpd | 1.3.7 | Yes |
| Operating System | debian | debian_linux | 8.0 | Yes |
| Operating System | debian | debian_linux | 9.0 | Yes |
| Operating System | debian | debian_linux | 10.0 | Yes |
| Operating System | fedoraproject | fedora | 30 | Yes |
| Operating System | fedoraproject | fedora | 31 | Yes |
| Application | opensuse | backports_sle | 15.0 | Yes |
| Application | opensuse | backports_sle | 15.0 | Yes |
| Operating System | opensuse | leap | 15.1 | Yes |
| Operating System | siemens | simatic_net_cp_1545-1_firmware | - | Yes |
| Hardware | siemens | simatic_net_cp_1545-1 | - | No |
| Operating System | siemens | simatic_net_cp_1543-1_firmware | < 3.0 | Yes |
| Hardware | siemens | simatic_net_cp_1543-1 | - | No |