CVE-2019-19269

Published Nov 30, 2019

Last updated a year ago

CVSS medium 4.9

Overview

Description: An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.9
Impact score: 3.6
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-476

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9489E448-D5B8-4A38-99CE-C472EA881D69",
            "versionEndIncluding": "1.3.5e"
          },
          {
            "criteria": "cpe:2.3:a:proftpd:proftpd:1.3.6:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47526BA5-3955-43B3-8EA4-5C29DDA3F9C7"
          },
          {
            "criteria": "cpe:2.3:a:proftpd:proftpd:1.3.6:alpha:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7FC30FC2-1DEB-4CA7-922C-EA94E895E978"
          },
          {
            "criteria": "cpe:2.3:a:proftpd:proftpd:1.3.6:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F41C633-216D-4A8C-BAA6-940452751735"
          },
          {
            "criteria": "cpe:2.3:a:proftpd:proftpd:1.3.6:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6475817-8CC7-4C0C-A9A6-E58189852DA2"
          },
          {
            "criteria": "cpe:2.3:a:proftpd:proftpd:1.3.6:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84CB8C28-C432-4FD4-9B76-CA6C2C8824D9"
          },
          {
            "criteria": "cpe:2.3:a:proftpd:proftpd:1.3.6:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21D053B1-AFDE-4859-ACFB-C51DC28EAA04"
          },
          {
            "criteria": "cpe:2.3:a:proftpd:proftpd:1.3.6:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA9A0785-FF92-4AB0-8F42-9060FB24120E"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References