CVE-2019-19269

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions ProFTPD versions through 1.3.6b

Description An issue was discovered in the tls verify crl function. A dereference of a NULL pointer may occur when the OpenSSL sk X509 REVOKED value() function encounters an empty CRL installed by a system administrator. This issue happens during the validation of a client's certificate in a TLS client/server mutual-authentication setup.

Recommendations For ProFTPD versions through 1.3.6b, consider updating to a version that fixes the issue with the tls verify crl function to prevent the dereference of a NULL pointer. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2020-2973

ALT-PU-2020-2992

ALT-PU-2021-2692

ALT-PU-2023-5874

ALT-PU-2024-13729

BDU:2025-13443

CVE-2019-19269

DLA-2018-1

MGASA-2019-0385

OPENSUSE-SU-2020:0031-1

OPENSUSE-SU-2020_0031-1

OPENSUSE-SU-2024:11196-1

Affected Products

Alt Linux

Openssl

Proftpd

Red Os

Suse

CVE-2019-19269

Weakness Enumeration

Related Identifiers

Affected Products

References · 40