7.5
CVE-2021-46854
- EPSS 1.13%
- Veröffentlicht 23.11.2022 07:15:09
- Zuletzt bearbeitet 28.04.2025 21:15:55
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.13% | 0.621 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.7e
https://bugs.gentoo.org/811495
https://github.com/proftpd/proftpd/issues/1284
https://github.com/proftpd/proftpd/pull/1285
https://security.gentoo.org/glsa/202305-03