UBUNTU-CVE-2019-19269

Advisory lineage Upstream: 1 Downstream: 0
Upstream
CVE-2019-19269
Published: 30 Nov 2019, 23:15
Last modified:20 May 2026, 16:03

Vulnerability Summary

Overall Risk (default)
low
20/100
CVSS Score
4.9 MEDIUM
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

30 Nov 2019, 23:15
Published
Vulnerability first disclosed
20 May 2026, 16:03
Last Modified
Vulnerability information updated

Description

An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.

CVSS Metrics

  • v3.1MEDIUMScore: 4.9CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected Systems

  • ubuntuproftpd-dfsg

    all | all | all | all | all | all | all

References (3)