Description
ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function.
References (5)
Core 5
Core References
Release Notes, Third Party Advisory x_refsource_confirm
https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://github.com/proftpd/proftpd/issues/902
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00002.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202003-35
Third Party Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdf
Scores
CVSS v3
7.5
EPSS
0.0052
EPSS Percentile
66.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-125
Status
published
Products (5)
opensuse/backports_sle
15.0 (2 CPE variants)
opensuse/leap
15.1
proftpd/proftpd
< 1.3.6c
siemens/simatic_net_cp_1543-1_firmware
< 3.0
siemens/simatic_net_cp_1545-1_firmware
Published
Feb 20, 2020
Tracked Since
Feb 18, 2026