This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Proftpd First view 2019-11-26
Product Proftpd Last view 2019-11-30
Version 1.3.6 Type Application
Update alpha  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:proftpd:proftpd

Activity : Overall

Related : CVE

  Date Alert Description
4.9 2019-11-30 CVE-2019-19269

An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.

7.5 2019-11-26 CVE-2019-19270

An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow clients whose certificates have been revoked to proceed with a connection to the server.

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-476 NULL Pointer Dereference
50% (1) CWE-295 Certificate Issues