Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2019-19269

An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.

See the

CVE page on Mitre.org for more details.

References

MISC: https://github.com/pro...
MLIST: [debian-lts-announce] ...
FEDORA: FEDORA-2019-65a983b8b6
FEDORA: FEDORA-2019-bfacf1e958
SUSE: openSUSE-SU-2020:0031
GENTOO: GLSA-202003-35
MISC: https://www.oracle.com...

Launchpad.net

CVE 2019-19269

Related bugs

References