CVE-2020-9272 — Out-of-bounds Read in Proftpd

CWE-125 — Out-of-bounds Read9 documents7 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 33.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Proftpd Siemens Simatic NET CP 1543-1 Firmware Opensuse Backports SLE +1 more

Timeline

PublishedFeb 20

Latest updateMay 24

Description

ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDproftpd/proftpd< 1.3.6c

▶NVDsiemens/simatic_net_cp_1543-1_firmware< 3.0

▶NVDopensuse/leap15.1

▶NVDopensuse/backports_sle15.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-r2q2-3638-2qp4: ProFTPD 1↗2022-05-24

▶

OSV

CVE-2020-9272: ProFTPD 1↗2020-02-20

▶

CVEList

CVE-2020-9272: ProFTPD 1↗2020-02-20

▶

📋Vendor Advisories

CISA ICS

Siemens SIMATIC CP (Update A)↗2021-08-10

▶

Debian

CVE-2020-9272: proftpd-dfsg - ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the c...↗2020

▶

💬Community

Bugzilla

CVE-2020-9272 proftpd: out-of-bounds read in cap_to_text in cap_text.c↗2020-03-02

▶

Bugzilla

CVE-2020-9272 proftpd: out-of-bounds read in cap_to_text in cap_text.c [epel-all]↗2020-03-02

▶

Bugzilla

CVE-2020-9272 proftpd: out-of-bounds read in cap_to_text in cap_text.c [fedora-all]↗2020-03-02

▶