PT-2015-3383 · Proftpd+2
Stephan Zeisberg · Published 2015-05-18 · Updated 2024-10-14 · CVE-2019-18217
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
ProFTPD versions prior to 1.3.6b
ProFTPD version 1.3.7rc before 1.3.7rc2
Description
ProFTPD incorrectly handles overly long commands in its main.c component. A remote, unauthenticated attacker can exploit this weakness to make the server enter an infinite loop, resulting in a denial of service.
Recommendations
For ProFTPD versions prior to 1.3.6b, update to version 1.3.6b or later.
For ProFTPD version 1.3.7rc before 1.3.7rc2, update to version 1.3.7rc2 or later.
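The affected ranges above can be checked mechanically against an inventory of version strings. This is an added example, not code from the advisory or the ProFTPD project; it assumes ProFTPD's release ordering (rcN sorts before the release, maintenance letters after it), and the sample lines are constructed.

```python
import re

# MAJOR.MINOR.PATCH with an optional "rcN" or maintenance letter,
# e.g. 1.3.6, 1.3.6b, 1.3.7rc1. The lookarounds keep IP addresses and
# longer tokens from being mistaken for a version.
_VERSION = re.compile(r"(?<![\w.])(\d+)\.(\d+)\.(\d+)(?:rc(\d+)|([a-z]))?(?![\w.])")

def parse_version(text):
    """Return a sortable key for the first version token in text, or None."""
    m = _VERSION.search(text)
    if not m:
        return None
    base = tuple(int(g) for g in m.group(1, 2, 3))
    if m.group(4):                      # release candidate: before the release
        stage = (0, int(m.group(4)))
    elif m.group(5):                    # maintenance letter: after the release
        stage = (2, ord(m.group(5)) - ord("a") + 1)
    else:                               # plain release
        stage = (1, 0)
    return base + stage

FIXED_STABLE = parse_version("1.3.6b")   # fixed version named in the advisory
FIXED_RC = parse_version("1.3.7rc2")     # fixed release candidate named in the advisory

def is_affected(text):
    """True/False per the advisory's ranges; None if no version is found."""
    key = parse_version(text)
    if key is None:
        return None
    if key[:3] == (1, 3, 7) and key[3] == 0:   # the 1.3.7rc series
        return key < FIXED_RC
    return key < FIXED_STABLE

if __name__ == "__main__":
    # Constructed inventory lines (hostnames and addresses are placeholders).
    samples = [
        "ftp01 192.0.2.10 ProFTPD 1.3.5e",
        "ftp02 192.0.2.11 ProFTPD 1.3.6a",
        "ftp03 192.0.2.12 ProFTPD 1.3.6b",
        "ftp04 192.0.2.13 ProFTPD 1.3.7rc1",
        "ftp05 192.0.2.14 ProFTPD 1.3.7rc2",
        "ftp06 192.0.2.15 version hidden",
    ]
    for line in samples:
        print(f"{line!r}: affected={is_affected(line)}")
```

Distribution packages can carry a backported fix under an older upstream version string, so a True result is a prompt to check the vendor's package changelog before concluding the host is exposed.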
Exploit
Fix
DoS
Infinite Loop
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Proftpd
Suse