CVE-2020-9273

Published February 20th, 2020

View on NVD ↗

CVSS v3

8.8

HIGH

CVSS v2

HIGH

Affected

PROJECT

Description

In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.

proftpd/proftpd

ProFTPD source code

GitHub

589