Nixpkgs security tracker
Permalink
CVE-2021-47865
7.5 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): None (N)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): High (H)
Activity log
- Created suggestion
ProFTPD 1.3.7a - Remote Denial of Service
ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access.
References
-
ExploitDB-49697 exploit
-
ProFTPD Official Website product
-
ProFTPD GitHub Repository product
-
VulnCheck Advisory: ProFTPD 1.3.7a - Remote Denial of Service third-party-advisory
-
ProFTPD GitHub Repository issue-tracking
Affected products
ProFTPD
- ==1.3.7a
Package maintainers
-
@dpausp Tobias Stenzel <dpausp@posteo.de>
-
@ctheune Christian Theune <ct@flyingcircus.io>
-
@osnyx Oliver Schmidt <os@flyingcircus.io>
-
@leona-ya Leona Maroni <nix@leona.is>
-
@frlan Frank Lanitz <frank@frank.uvena.de>