CVE-2021-46854

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters.

mod_radius en ProFTPD anterior a 1.3.7c permite la divulgación de memoria a servidores RADIUS porque copia bloques de 16 caracteres.

*Credits: N/A

CVSS Scores

NISTv3.1 7.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-11-23 CVE Reserved
2022-11-23 CVE Published
2024-06-15 EPSS Updated
2024-08-04 CVE Updated
2024-08-04 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-401: Missing Release of Memory after Effective Lifetime

CAPEC

References (5)

URL	Tag	Source
https://bugs.gentoo.org/811495	Issue Tracking
https://github.com/proftpd/proftpd/pull/1285	Third Party Advisory

URL	Date	SRC
https://github.com/proftpd/proftpd/issues/1284	2024-08-04

URL	Date	SRC

URL	Date	SRC
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.7e	2023-05-03
https://security.gentoo.org/glsa/202305-03	2023-05-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Proftpd Search vendor "Proftpd"		Proftpd Search vendor "Proftpd" for product "Proftpd"				< 1.3.7c Search vendor "Proftpd" for product "Proftpd" and version " < 1.3.7c"		-		Affected