In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
proftpd proftpd 1.3.7 |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |
||
fedoraproject fedora 30 |
||
fedoraproject fedora 31 |
||
opensuse leap 15.1 |
||
opensuse backports sle 15.0 |
||
siemens simatic_net_cp_1545-1_firmware - |
||
siemens simatic_net_cp_1543-1_firmware |