mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters.
References
Link | Resource |
---|---|
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.7e | Release Notes Vendor Advisory |
https://bugs.gentoo.org/811495 | Issue Tracking Third Party Advisory |
https://github.com/proftpd/proftpd/issues/1284 | Exploit Issue Tracking Third Party Advisory |
https://github.com/proftpd/proftpd/pull/1285 | Third Party Advisory |
https://security.gentoo.org/glsa/202305-03 |
Configurations
History
03 May 2023, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Nov 2022, 03:38
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:* | |
First Time |
Proftpd
Proftpd proftpd |
|
CWE | CWE-401 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | (MISC) https://bugs.gentoo.org/811495 - Issue Tracking, Third Party Advisory | |
References | (MISC) https://github.com/proftpd/proftpd/issues/1284 - Exploit, Issue Tracking, Third Party Advisory | |
References | (MISC) https://github.com/proftpd/proftpd/pull/1285 - Third Party Advisory | |
References | (MISC) http://www.proftpd.org/docs/RELEASE_NOTES-1.3.7e - Release Notes, Vendor Advisory |
23 Nov 2022, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-23 07:15
Updated : 2023-12-10 14:48
NVD link : CVE-2021-46854
Mitre link : CVE-2021-46854
CVE.ORG link : CVE-2021-46854
JSON object : View
Products Affected
proftpd
- proftpd
CWE
CWE-401
Missing Release of Memory after Effective Lifetime