{"id":"CVE-2019-18217","details":"ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop.","modified":"2026-03-20T11:28:34.932479Z","published":"2019-10-21T04:15:10.433Z","related":["openSUSE-SU-2020:0031-1","openSUSE-SU-2024:11196-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJDQRVZTILBX4BUCTIRKP2WBHDHDCJR5/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RB2FPAWDWXT5ALAFIC5Y3RSEMXSFL6H2/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YLRPYEEMQJVAXO2SXRGOQ4HBFEEPCNXG/"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00036.html"},{"type":"WEB","url":"https://seclists.org/bugtraq/2019/Nov/7"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html"},{"type":"WEB","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-940889.pdf"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202003-35"},{"type":"ADVISORY","url":"https://github.com/proftpd/proftpd/blob/1.3.6/RELEASE_NOTES"},{"type":"ADVISORY","url":"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"},{"type":"ADVISORY","url":"https://www.debian.org/security/2019/dsa-4559"},{"type":"ADVISORY","url":"https://github.com/proftpd/proftpd/blob/1.3.6/NEWS"},{"type":"ADVISORY","url":"https://github.com/proftpd/proftpd/blob/master/NEWS"},{"type":"REPORT","url":"https://github.com/proftpd/proftpd/issues/846"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/proftpd/proftpd","events":[{"introduced":"0"},{"last_affected":"46a4c089eec7dfc9b7c168c98bdb06371eb694ef"},{"introduced":"0"},{"last_affected":"14f155e2f194f75d05a1656d13f4228257ba3091"},{"introduced":"0"},{"last_affected":"14f155e2f194f75d05a1656d13f4228257ba3091"},{"introduced":"0"},{"last_affected":"39c1e2afdc99df211eb5718a9bfe3d2d11635298"},{"introduced":"0"},{"last_affected":"04d98b231341613fe7d5a8647547150d910a5aea"},{"introduced":"0"},{"last_affected":"7ec4b897ec5bdb243c3989301cb82a4f644fa2e6"},{"introduced":"0"},{"last_affected":"e280a27aae2b8ee5266abec70992cbb607c1bc20"},{"introduced":"0"},{"last_affected":"6b70ebfc898c0d8f19b600e0b404ee21d46da425"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.3.5"},{"introduced":"0"},{"last_affected":"1.3.6-NA"},{"introduced":"0"},{"last_affected":"1.3.6-a"},{"introduced":"0"},{"last_affected":"1.3.6-rc1"},{"introduced":"0"},{"last_affected":"1.3.6-rc2"},{"introduced":"0"},{"last_affected":"1.3.6-rc3"},{"introduced":"0"},{"last_affected":"1.3.6-rc4"},{"introduced":"0"},{"last_affected":"1.3.7-rc1"}]}}],"versions":["v1.3.5a","v1.3.5b","v1.3.5c","v1.3.5d","v1.3.5e","v1.3.6","v1.3.6a","v1.3.6b","v1.3.6c","v1.3.6d","v1.3.6e","v1.3.6rc1","v1.3.6rc2","v1.3.6rc3","v1.3.6rc4"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-18217.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}