Launchpad CVE tracker

CVE 2020-9273

In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://github.com/pro...
CONFIRM: https://github.com/pro...
MLIST: [debian-lts-announce] ...
DEBIAN: DSA-4635
FEDORA: FEDORA-2020-76c707cff0
FEDORA: FEDORA-2020-876b1f664e
SUSE: openSUSE-SU-2020:0273
MLIST: [debian-lts-announce] ...
GENTOO: GLSA-202003-35
CONFIRM: https://cert-portal.si...
MLIST: [oss-security] 2021082...
MLIST: [oss-security] 2021090...

Launchpad.net

CVE 2020-9273

Related bugs

References