CVE-2019-18217
published 2019-10-21


Priority: P2 · 61 · high
CVSS 3.1: 7.5 (AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H)
EXPLOIT
EPSS: 19.51% (97.0th percentile)
ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop.

Affected

4 ranges

Vendor    Product        Version range                          Fixed in
debian    proftpd-dfsg   < proftpd-dfsg 1.3.6a-2 (bookworm)     proftpd-dfsg 1.3.6a-2 (bookworm)
proftpd   proftpd        <= 1.3.5                               (not listed)
proftpd   proftpd        (not listed)                           (not listed)
proftpd   proftpd        (not listed)                           (not listed)

The ranges given in the description above are the ones to act on: every ProFTPD release before 1.3.6b, plus the 1.3.7 release candidates before 1.3.7rc2. The "<= 1.3.5" upstream range in the table is narrower than that and should not be read as excluding 1.3.6 or 1.3.6a.

Detection & IOCs (extracted from sources)

port:    21/TCP
command: 00000000 (hex; the 4-byte probe sent by the Nuclei version-check template, not an overly long command that triggers the loop)
regex:   ProFTPD ([0-9.a-z]+)
  • Banner-grab FTP port 21 and extract the ProFTPD version string from the 220 greeting; flag any version below 1.3.6b (or, for release candidates, below 1.3.7rc2) as vulnerable. A greeting with no version (ServerIdent off, or a customised banner) is "unknown", not "fixed".
  • Use the Shodan queries 'product:"proftpd"' or 'cpe:"cpe:2.3:a:proftpd:proftpd"' to enumerate exposed ProFTPD instances for targeted scanning.
  • The vulnerability manifests as an infinite loop in the child process ProFTPD forks to handle the connection (the loop is in main.c) once an overly long FTP command is received. Monitor for ProFTPD child processes that pin a CPU core and never exit; such a process is still running, not a zombie, so it will not show up in a zombie count.
  • The trigger is an overly long FTP command sent before authentication; detect anomalously large pre-authentication command lines on port 21/TCP.
  • The Nuclei template sends a 4-byte payload (hex 00000000) to port 21 and matches only on the ProFTPD banner string plus a version comparison. It is a banner/version check, does not trigger the infinite loop, and therefore cannot identify a vulnerable host whose banner hides the version.
  • The FTP server is disabled in the default configuration of the affected Siemens SIMATIC CP 1543-1 device; exploitation requires the embedded FTP server to have been explicitly enabled.
  • No known public exploits specifically targeted this vulnerability at the time the Siemens advisory was published. Since the trigger is a single over-long command from an unauthenticated client, the absence of a published exploit is weak assurance.
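The version check in the first bullet and the over-long pre-auth command check in the fourth are both simple enough to script. The block below is an added example written for this page, not code from ProFTPD, Nuclei or the original source. It reuses the page's banner regex and the two fixed versions from the description; the ProFTPD version ordering it assumes (1.3.6 < 1.3.6a < 1.3.6b, and 1.3.7rc1 < 1.3.7rc2 < 1.3.7), the 512-byte length threshold, the grab_banner helper and the sample session are all assumptions or constructed inputs, not facts from the page.

```python
import re
import socket

# Banner regex from the page's IOC list; group 1 is the version token.
BANNER_RE = re.compile(r"ProFTPD ([0-9.a-z]+)")

# Fixed versions named in the CVE description.
FIXED_STABLE = "1.3.6b"
FIXED_RC = "1.3.7rc2"

# Version grammar assumed here: major.minor.patch, optional letter suffix,
# optional rcN. This is an assumption about ProFTPD's numbering, not page text.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z])?(?:rc(\d+))?$")


def parse_version(v):
    """Turn a ProFTPD version string into a tuple that sorts as
    1.3.7rc1 < 1.3.7rc2 < 1.3.7 and 1.3.6 < 1.3.6a < 1.3.6b."""
    m = _VERSION_RE.match(v)
    if not m:
        raise ValueError(f"unrecognised ProFTPD version: {v!r}")
    major, minor, patch, letter, rc = m.groups()
    rc_key = (0, int(rc)) if rc else (1, 0)          # rc builds precede the release
    letter_key = 0 if letter is None else ord(letter) - ord("a") + 1
    return (int(major), int(minor), int(patch), rc_key, letter_key)


def is_vulnerable(version):
    """Apply the CVE's two ranges: < 1.3.6b, or a 1.3.7 rc build < 1.3.7rc2."""
    v = parse_version(version)
    if v < parse_version(FIXED_STABLE):
        return True
    is_rc = v[3][0] == 0
    return v[:3] == (1, 3, 7) and is_rc and v < parse_version(FIXED_RC)


def version_from_banner(banner):
    """Extract the version from a 220 greeting, or None if the banner hides it."""
    m = BANNER_RE.search(banner)
    return m.group(1) if m else None


def assess_banner(banner):
    """Return 'vulnerable', 'fixed' or 'unknown' for one greeting line."""
    version = version_from_banner(banner)
    if version is None:
        return "unknown"      # ServerIdent off, or a customised banner
    try:
        return "vulnerable" if is_vulnerable(version) else "fixed"
    except ValueError:
        return "unknown"


def grab_banner(host, port=21, timeout=5.0):
    """Read the server greeting from a live host (needs network access)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.recv(1024).decode("ascii", errors="replace").strip()


def overlong_preauth_commands(session, max_len=512):
    """Flag client command lines longer than max_len sent before the server
    has replied 230 (login OK). session is a list of (direction, line) pairs,
    'C' for client and 'S' for server. max_len is an assumed threshold, not a
    figure taken from ProFTPD or from the page."""
    hits = []
    for idx, (direction, line) in enumerate(session):
        if direction == "S" and line.startswith("230"):
            break                                   # authenticated; stop looking
        if direction == "C" and len(line) > max_len:
            hits.append((idx, len(line)))
    return hits


# Constructed sample: a 1.3.6a server and an anonymous client that sends a
# 2048-byte command before authenticating. Not a capture from a real host.
SAMPLE_SESSION = [
    ("S", "220 ProFTPD 1.3.6a Server (lab) [::ffff:192.0.2.10]"),
    ("C", "USER anonymous"),
    ("S", "331 Anonymous login ok, send your complete email address as your password"),
    ("C", "SITE " + "A" * 2043),
]

if __name__ == "__main__":
    print(assess_banner(SAMPLE_SESSION[0][1]))        # vulnerable
    print(overlong_preauth_commands(SAMPLE_SESSION))  # [(3, 2048)]
```

To use it against a live host, feed grab_banner(host) to assess_banner; the session check is meant for command lines reconstructed from a capture of port 21 traffic, with the 230 reply marking where the pre-authentication window closes.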

CVSS provenance

Source         Version  Score  Severity  Vector
nvd            v3.1     7.5    HIGH      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd            v2.0     5.0    MEDIUM    AV:N/AC:L/Au:N/C:N/I:N/A:P
osv                     7.5    HIGH
vendor_debian           7.5    HIGH