CVE-2019-19269
Published: Nov 26, 2019
Modified: Aug 5, 2024
PUBLISHED
Description
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://github.com/proftpd/proftpd/issues/861
x_refsource_MISC
[debian-lts-announce] 20191130 [SECURITY] [DLA 2018-1] proftpd-dfsg security update
mailing-list
x_refsource_MLIST
FEDORA-2019-65a983b8b6
vendor-advisory
x_refsource_FEDORA
FEDORA-2019-bfacf1e958
vendor-advisory
x_refsource_FEDORA
openSUSE-SU-2020:0031
vendor-advisory
x_refsource_SUSE
GLSA-202003-35
vendor-advisory
x_refsource_GENTOO
https://www.oracle.com/security-alerts/cpuapr2020.html
x_refsource_MISC