CVE-2020-9273

HIGH

Proftpd < 3.0 - Use After Free

Title source: rule

Description

In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.

Exploits (3)

github WORKING POC 690 stars

by lockedbyte · cpoc

https://github.com/lockedbyte/CVE-Exploits/tree/master/CVE-2020-9273

View Code ZIP pw:eip

github 34 stars

by DarkFunct · cpoc

https://github.com/DarkFunct/CVE_Exploits/tree/main/CVE-2020-9273

View on github

nomisec WORKING POC 12 stars

by ptef · poc

https://github.com/ptef/CVE-2020-9273

View Code ZIP pw:eip

References (12)

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00002.html

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2021/08/25/1

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2021/09/06/2

[Third Party Advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdf

[Release Notes, Third Party Advisory] https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES

[Third Party Advisory] https://github.com/proftpd/proftpd/issues/903

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2020/02/msg00022.html

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2020/03/msg00002.html

[Third Party Advisory] https://security.gentoo.org/glsa/202003-35

[Third Party Advisory] https://www.debian.org/security/2020/dsa-4635

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCUPRYSJR7XOM3HQ6H5M4OGDU7OHCHBF/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHO3S5WPRRP7VGKIAHLYQVEYW5HRYIJN/

Scores

CVSS v3 8.8

EPSS 0.6894

EPSS Percentile 98.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (10)

debian/debian_linux 8.0

debian/debian_linux 9.0

debian/debian_linux 10.0

fedoraproject/fedora 30

fedoraproject/fedora 31

opensuse/backports_sle 15.0 (2 CPE variants)

opensuse/leap 15.1

proftpd/proftpd 1.3.7

siemens/simatic_net_cp_1543-1_firmware < 3.0

siemens/simatic_net_cp_1545-1_firmware

Published Feb 20, 2020

Tracked Since Feb 18, 2026