CVE-2020-9273
Published: Feb 20, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES (x_refsource_CONFIRM)
- https://github.com/proftpd/proftpd/issues/903 (x_refsource_CONFIRM)
- [debian-lts-announce] 20200221 [SECURITY] [DLA 2115-1] proftpd-dfsg security update (mailing-list, x_refsource_MLIST)
- DSA-4635 (vendor-advisory, x_refsource_DEBIAN)
- FEDORA-2020-76c707cff0 (vendor-advisory, x_refsource_FEDORA)
- FEDORA-2020-876b1f664e (vendor-advisory, x_refsource_FEDORA)
- openSUSE-SU-2020:0273 (vendor-advisory, x_refsource_SUSE)
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2115-2] proftpd-dfsg regression update (mailing-list, x_refsource_MLIST)
- GLSA-202003-35 (vendor-advisory, x_refsource_GENTOO)
- https://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdf (x_refsource_CONFIRM)
- [oss-security] 20210824 Possible memory leak on getspnam / getspnam_r (mailing-list, x_refsource_MLIST)
- [oss-security] 20210906 Re: Possible memory leak on getspnam / getspnam_r (mailing-list, x_refsource_MLIST)