Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0136Missing Release of Memory after Effective Lifetime in Proftpd

CWE-401Missing Release of Memory after Effective Lifetime6 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
1.3%
top 20.59%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Debian LinuxMandrakesoft Mandrake LinuxProftpd
Timeline
PublishedMar 12
Latest updateApr 30

Description

Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDproftpd/proftpd1.2.0

Also affects: Debian Linux 2.2

🔴Vulnerability Details

2
GHSA
GHSA-f684-qh6c-rp3v: Memory leak in ProFTPd 12022-04-30
CVEList
CVE-2001-0136: Memory leak in ProFTPd 12001-09-18

💥Exploits & PoCs

3
Exploit-DB
ProFTPd 1.2.0 pre10 - Remote Denial of Service2001-01-12
Exploit-DB
ProFTPd 1.2.0 rc2 - Memory Leakage2001-01-03
Exploit-DB
ProFTPd 1.2 - 'SIZE' Remote Denial of Service2000-12-20
CVE-2001-0136 — Proftpd vulnerability | cvebase