What is CVE-2019-18217?

CVE-2019-18217 is a vulnerability in ProFTPD versions before 1.3.6b and 1.3.7rc before 1.3.7rc2 that allows remote unauthenticated denial-of-service attacks.

How severe is CVE-2019-18217?

CVE-2019-18217 has a severity rating of 7.5 (high).

What is the affected software of CVE-2019-18217?

The affected software of CVE-2019-18217 includes ProFTPD versions 1.3.5, 1.3.6, 1.3.6-a, 1.3.6-rc1, 1.3.6-rc2, 1.3.6-rc3, 1.3.6-rc4, and 1.3.7-rc1.

How can I fix CVE-2019-18217?

To fix CVE-2019-18217, it is recommended to update ProFTPD to version 1.3.6b or 1.3.7rc2, or apply the appropriate security patches provided by the vendor.

Where can I find more information about CVE-2019-18217?

You can find more information about CVE-2019-18217 on the following references: http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html, https://cert-portal.siemens.com/productcert/pdf/ssa-940889.pdf, and https://github.com/proftpd/proftpd/blob/1.3.6/NEWS

Vulnerability/
CVE-2019-18217

high

7.5

CWE

835

21/10/2019

5/8/2024

CVE-2019-18217

First published: Mon Oct 21 2019(Updated: )

ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
debian/proftpd-dfsg	<=1.3.6a-1<=1.3.6-6<=1.3.5b-4+deb9u1<=1.3.6-4+deb10u1<=1.3.5b-1	1.3.6-4+deb10u2 1.3.6a-2 1.3.5b-4+deb9u2
debian/proftpd-dfsg		1.3.6-4+deb10u6 1.3.6-4+deb10u4 1.3.7a+dfsg-12+deb11u2 1.3.8+dfsg-4+deb12u1 1.3.8+dfsg-8
Proftpd Proftpd	<=1.3.5
Proftpd Proftpd	=1.3.6
Proftpd Proftpd	=1.3.6-a
Proftpd Proftpd	=1.3.6-rc1
Proftpd Proftpd	=1.3.6-rc2
Proftpd Proftpd	=1.3.6-rc3
Proftpd Proftpd	=1.3.6-rc4
Proftpd Proftpd	=1.3.7-rc1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2019-18217?
CVE-2019-18217 is a vulnerability in ProFTPD versions before 1.3.6b and 1.3.7rc before 1.3.7rc2 that allows remote unauthenticated denial-of-service attacks.
How severe is CVE-2019-18217?
CVE-2019-18217 has a severity rating of 7.5 (high).
What is the affected software of CVE-2019-18217?
The affected software of CVE-2019-18217 includes ProFTPD versions 1.3.5, 1.3.6, 1.3.6-a, 1.3.6-rc1, 1.3.6-rc2, 1.3.6-rc3, 1.3.6-rc4, and 1.3.7-rc1.
How can I fix CVE-2019-18217?
To fix CVE-2019-18217, it is recommended to update ProFTPD to version 1.3.6b or 1.3.7rc2, or apply the appropriate security patches provided by the vendor.
Where can I find more information about CVE-2019-18217?
You can find more information about CVE-2019-18217 on the following references: http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html, https://cert-portal.siemens.com/productcert/pdf/ssa-940889.pdf, and https://github.com/proftpd/proftpd/blob/1.3.6/NEWS

collector/debian-bugs
alias/CVE-2019-18217
collector/security-tracker-debian
collector/nvd-index
agent/severity
agent/weakness
agent/references
agent/author
agent/tags
agent/type
agent/event
agent/description
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
collector/mitre-cve
source/MITRE
package-manager/debian
vendor/proftpd
canonical/proftpd proftpd
version/proftpd proftpd/1.3.5
version/proftpd proftpd/1.3.6
version/proftpd proftpd/1.3.6-a
version/proftpd proftpd/1.3.6-rc1
version/proftpd proftpd/1.3.6-rc2
version/proftpd proftpd/1.3.6-rc3
version/proftpd proftpd/1.3.6-rc4
version/proftpd proftpd/1.3.7-rc1