ProFTPD up to 1.3.5 TLS tls_verify_crl denial of service
| CVSS Meta Temp Score | Current Exploit Price (โ) | CTI Interest Score |
|---|---|---|
| 3.4 | $0-$5k | 4.78 |
A vulnerability has been found in ProFTPD up to 1.3.5 (File Transfer Software) and classified as problematic. This vulnerability affects the function tls_verify_crl of the component TLS Handler. The manipulation with an unknown input leads to a denial of service vulnerability (Crash). The CWE definition for the vulnerability is CWE-404. As an impact it is known to affect availability.
The weakness was disclosed 11/26/2019. This vulnerability was named CVE-2019-19272 since 11/26/2019. Technical details are known, but there is no available exploit.
Upgrading to version 1.3.6 eliminates this vulnerability.
The entries 146361 and 146360 are pretty similar.
Type
Name
VulDB Meta Base Score: 3.5
VulDB Meta Temp Score: 3.4
VulDB Base Score: โ3.5
VulDB Temp Score: โ3.4
VulDB Vector: ๐
VulDB Reliability: ๐
VulDB Base Score: ๐
VulDB Temp Score: ๐
VulDB Reliability: ๐
Class: Denial of service / Crash (CWE-404)
Local: Yes
Remote: No
Availability: ๐
Status: Not defined
Price Prediction: ๐
Current Price Estimation: ๐
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Threat: ๐
Adversaries: ๐
Geopolitics: ๐
Economy: ๐
Predictions: ๐
Remediation: ๐Recommended: Upgrade
Status: ๐
0-Day Time: ๐
Upgrade: ProFTPD 1.3.6
11/26/2019 Advisory disclosed
11/26/2019 VulDB entry created
11/26/2019 CVE assigned
11/26/2019 VulDB last update
CVE: CVE-2019-19272 (๐)
See also: ๐Created: 11/26/2019 02:12 PM
Complete: ๐
Download the whitepaper to learn more about our service!
https://vuldb.com/?id.146362
Gloss