7.5

CVE-2019-18217

Exploit
ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ProftpdProftpd Version <= 1.3.5
ProftpdProftpd Version1.3.6 Update-
ProftpdProftpd Version1.3.6 Updatea
ProftpdProftpd Version1.3.6 Updaterc1
ProftpdProftpd Version1.3.6 Updaterc2
ProftpdProftpd Version1.3.6 Updaterc3
ProftpdProftpd Version1.3.6 Updaterc4
ProftpdProftpd Version1.3.7 Updaterc1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 19.51% 0.97
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html
https://cert-portal.siemens.com/productcert/pdf/ssa-940889.pdf
https://github.com/proftpd/proftpd/blob/1.3.6/NEWS
Third Party Advisory
Release Notes
https://github.com/proftpd/proftpd/blob/1.3.6/RELEASE_NOTES
Third Party Advisory
Release Notes
https://github.com/proftpd/proftpd/blob/master/NEWS
Third Party Advisory
Release Notes
https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES
Third Party Advisory
Release Notes
https://github.com/proftpd/proftpd/issues/846
Third Party Advisory
Exploit
Issue Tracking
https://lists.debian.org/debian-lts-announce/2019/10/msg00036.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJDQRVZTILBX4BUCTIRKP2WBHDHDCJR5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RB2FPAWDWXT5ALAFIC5Y3RSEMXSFL6H2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YLRPYEEMQJVAXO2SXRGOQ4HBFEEPCNXG/
https://seclists.org/bugtraq/2019/Nov/7
https://security.gentoo.org/glsa/202003-35
https://www.debian.org/security/2019/dsa-4559