Memory Disclosure Vulnerability in ProFTPD by ProFTPD Project
CVE-2021-46854

7.5HIGH

Key Information:

Vendor: Proftpd
Status: Proftpd
Vendor: CVE Published:; 23 November 2022

What is CVE-2021-46854?

The memory disclosure vulnerability in ProFTPD prior to version 1.3.7c allows attackers to exploit the mod_radius module, enabling unauthorized access to sensitive information. Due to improper handling of memory copying operations, specifically copying blocks of 16 characters, the vulnerability can lead to the exposure of confidential data to RADIUS servers. This flaw poses a significant risk to systems using the affected versions of ProFTPD, making immediate updates to secure versions essential for network safety.

References

https://github.com/proftpd/proftpd/issues/1284

https://github.com/proftpd/proftpd/pull/1285

https://bugs.gentoo.org/811495

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 23, 2022
Vulnerability Reserved
Nov 23, 2022

JSON

Proftpd

What is CVE-2021-46854?

References

CVSS V3.1

Timeline