UBUNTU-CVE-2019-19270

Advisory lineage Upstream: 1 Downstream: 0
Upstream
CVE-2019-19270
Published: 26 Nov 2019, 04:15
Last modified:20 May 2026, 16:03

Vulnerability Summary

Overall Risk (default)
medium
30/100
CVSS Score
7.5 HIGH
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

26 Nov 2019, 04:15
Published
Vulnerability first disclosed
20 May 2026, 16:03
Last Modified
Vulnerability information updated

Description

An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow clients whose certificates have been revoked to proceed with a connection to the server.

CVSS Metrics

  • v3.1HIGHScore: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Systems

  • ubuntuproftpd-dfsg

    all | all | all | all | all | all | all

References (3)