{"id":"CVE-2016-3125","details":"The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors.","modified":"2026-05-18T05:48:34.148851984Z","published":"2016-04-05T20:59:00.120Z","related":["openSUSE-SU-2024:10048-1"],"database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"fedoraproject:fedora","extracted_events":[{"last_affected":"22"},{"last_affected":"23"}]},{"source":"CPE_FIELD","cpes":["cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*"],"vendor_product":"opensuse:opensuse","extracted_events":[{"last_affected":"13.1"}]}]},"references":[{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179905.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2016-05/msg00080.html"},{"type":"ADVISORY","url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179109.html"},{"type":"ADVISORY","url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179143.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00045.html"},{"type":"ADVISORY","url":"http://proftpd.org/docs/NEWS-1.3.5b"},{"type":"ADVISORY","url":"http://proftpd.org/docs/NEWS-1.3.6rc2"},{"type":"REPORT","url":"http://bugs.proftpd.org/show_bug.cgi?id=4230"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2016/03/11/14"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2016/03/11/3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/proftpd/proftpd","events":[{"introduced":"0"},{"last_affected":"46a4c089eec7dfc9b7c168c98bdb06371eb694ef"},{"last_affected":"39c1e2afdc99df211eb5718a9bfe3d2d11635298"}],"database_specific":{"cpe":["cpe:2.3:a:proftpd:proftpd:*:a:*:*:*:*:*:*","cpe:2.3:a:proftpd:proftpd:1.3.6:rc1:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"1.3.5"},{"last_affected":"1.3.6-rc1"}]}}],"versions":["v1.3.5e","v1.3.5d","v1.3.5c","v1.3.5b","v1.3.5a","v1.3.6rc1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-3125.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}