Vulnerabilities > CVE-2019-19272 - NULL Pointer Dereference vulnerability in Proftpd

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

proftpd

CWE-476

NVD

Published: 2019-11-26

Updated: 2019-12-11

Summary

An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer (a variable initialized to NULL) leads to a crash when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.

Vulnerable Configurations

Part	Description	Count
Application	Proftpd Proftpd Proftpd 1.2.0 Proftpd Proftpd 1.2.1 Proftpd Proftpd 1.2.2 Proftpd Proftpd 1.2.3 Proftpd Proftpd 1.2.4 Proftpd Proftpd 1.2.5 Proftpd Proftpd 1.2.6 Proftpd Proftpd 1.2.7 Proftpd Proftpd 1.2.8 Proftpd Proftpd 1.2.9 Proftpd Proftpd 1.2.10 Proftpd Proftpd 1.3.0 Proftpd Proftpd 1.3.1 Proftpd Proftpd 1.3.2 Proftpd Proftpd 1.3.3 Proftpd Proftpd 1.3.4 Proftpd Proftpd 1.3.5 Proftpd Proftpd 1.3.5A Proftpd Proftpd 1.3.5B Proftpd Proftpd 1.3.5C Proftpd Proftpd 1.3.5D Proftpd Proftpd 1.3.5E	82

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://github.com/proftpd/proftpd/issues/858