Out-of-Bounds Read Vulnerability in ProFTPD by ProFTPD Project
CVE-2020-9272

7.5HIGH

Key Information:

Vendor

Proftpd

Status
Proftpd
Vendor
CVE Published:
20 February 2020

What is CVE-2020-9272?

ProFTPD version 1.3.7 contains an out-of-bounds read vulnerability in the mod_cap module, specifically within the cap_to_text function in cap_text.c. This flaw may allow an attacker to potentially access unauthorized memory locations, thereby exposing sensitive data. Users and administrators of ProFTPD should assess their systems and apply the necessary updates to mitigate any risks associated with this vulnerability.

References

https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES
x_refsource_CONFIRM
https://github.com/proftpd/proftpd/issues/902
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2020...
vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.