First published: Tue Nov 26 2019
An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer (a variable initialized to NULL) leads to a crash when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Proftpd Proftpd | <1.3.6 |
CVE-2019-19272 is a vulnerability found in ProFTPD before version 1.3.6, which allows for a direct dereference of a null pointer leading to a crash in certain TLS client/server mutual-authentication setups.
The severity of CVE-2019-19272 is high, with a CVSS score of 7.5.
CVE-2019-19272 affects ProFTPD versions up to, but not including, 1.3.6.
To fix CVE-2019-19272, upgrade to ProFTPD version 1.3.6 or later.
More information about CVE-2019-19272 can be found at the following link: [https://github.com/proftpd/proftpd/issues/858](https://github.com/proftpd/proftpd/issues/858).