CVE-2019-19269
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.
Se detectó un problema en tls_verify_crl en ProFTPD versiones hasta 1.3.6b. Se puede presentar una desreferencia de un puntero NULL. Este puntero es devuelto por la función sk_X509_REVOKED_value() de OpenSSL cuando encuentra una CRL vacía instalada mediante un administrador del sistema. La desreferencia se presenta cuando se comprueba el certificado de un cliente que conecta al servidor en una configuración de autenticación mutua cliente/servidor TLS.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-11-26 CVE Reserved
- 2019-11-26 CVE Published
- 2024-08-05 CVE Updated
- 2024-11-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2019/11/msg00039.html | Mailing List |
|
| https://www.oracle.com/security-alerts/cpuapr2020.html | X_refsource_misc |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/proftpd/proftpd/issues/861 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Proftpd Search vendor "Proftpd" | Proftpd Search vendor "Proftpd" for product "Proftpd" | <= 1.3.5e Search vendor "Proftpd" for product "Proftpd" and version " <= 1.3.5e" | - |
Affected
| ||||||
| Proftpd Search vendor "Proftpd" | Proftpd Search vendor "Proftpd" for product "Proftpd" | 1.3.6 Search vendor "Proftpd" for product "Proftpd" and version "1.3.6" | - |
Affected
| ||||||
| Proftpd Search vendor "Proftpd" | Proftpd Search vendor "Proftpd" for product "Proftpd" | 1.3.6 Search vendor "Proftpd" for product "Proftpd" and version "1.3.6" | alpha |
Affected
| ||||||
| Proftpd Search vendor "Proftpd" | Proftpd Search vendor "Proftpd" for product "Proftpd" | 1.3.6 Search vendor "Proftpd" for product "Proftpd" and version "1.3.6" | beta |
Affected
| ||||||
| Proftpd Search vendor "Proftpd" | Proftpd Search vendor "Proftpd" for product "Proftpd" | 1.3.6 Search vendor "Proftpd" for product "Proftpd" and version "1.3.6" | rc1 |
Affected
| ||||||
| Proftpd Search vendor "Proftpd" | Proftpd Search vendor "Proftpd" for product "Proftpd" | 1.3.6 Search vendor "Proftpd" for product "Proftpd" and version "1.3.6" | rc2 |
Affected
| ||||||
| Proftpd Search vendor "Proftpd" | Proftpd Search vendor "Proftpd" for product "Proftpd" | 1.3.6 Search vendor "Proftpd" for product "Proftpd" and version "1.3.6" | rc3 |
Affected
| ||||||
| Proftpd Search vendor "Proftpd" | Proftpd Search vendor "Proftpd" for product "Proftpd" | 1.3.6 Search vendor "Proftpd" for product "Proftpd" and version "1.3.6" | rc4 |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 30 Search vendor "Fedoraproject" for product "Fedora" and version "30" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 31 Search vendor "Fedoraproject" for product "Fedora" and version "31" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||