CVE-2019-19269

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-19269
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19269.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-19269
Downstream
Related
Published
2019-11-30T23:15:18.223Z
Modified
2026-03-15T22:28:05.488512Z
Severity
  • 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in tlsverifycrl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL skX509REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.

References

Affected packages

Git / github.com/proftpd/proftpd

Affected ranges

Type
GIT
Repo
https://github.com/proftpd/proftpd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
46a4c089eec7dfc9b7c168c98bdb06371eb694ef
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
14f155e2f194f75d05a1656d13f4228257ba3091
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
39c1e2afdc99df211eb5718a9bfe3d2d11635298
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
04d98b231341613fe7d5a8647547150d910a5aea
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7ec4b897ec5bdb243c3989301cb82a4f644fa2e6
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e280a27aae2b8ee5266abec70992cbb607c1bc20
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.5e"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.6-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.6-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.6-rc2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.6-rc3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.6-rc4"
        }
    ]
}

Affected versions

v1.*
v1.3.5a
v1.3.5b
v1.3.5c
v1.3.5d
v1.3.5e
v1.3.6
v1.3.6a
v1.3.6b
v1.3.6c
v1.3.6d
v1.3.6e
v1.3.6rc1
v1.3.6rc2
v1.3.6rc3
v1.3.6rc4

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19269.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.3.6-alpha"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.3.6-beta"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "30"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "31"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    }
]