{"id":"UBUNTU-CVE-2019-18217","details":"ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop.","modified":"2026-01-20T17:08:47.237411Z","published":"2019-10-21T04:15:00Z","upstream":["CVE-2019-18217"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-18217"},{"type":"REPORT","url":"https://github.com/proftpd/proftpd/commit/13fe9462787b9a551152162f46f1641d65fe4df4"},{"type":"REPORT","url":"https://github.com/proftpd/proftpd/issues/846"},{"type":"REPORT","url":"https://github.com/proftpd/proftpd/blob/1.3.6/NEWS"},{"type":"REPORT","url":"https://github.com/proftpd/proftpd/blob/1.3.6/RELEASE_NOTES"},{"type":"REPORT","url":"https://github.com/proftpd/proftpd/blob/master/NEWS"},{"type":"REPORT","url":"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2019-18217"}],"affected":[{"package":{"name":"proftpd-dfsg","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/proftpd-dfsg@1.3.5a-1ubuntu0.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.3.5-2","1.3.5a-1","1.3.5a-1build1","1.3.5a-1ubuntu0.1"],"ecosystem_specific":{"binaries":[{"binary_name":"proftpd-basic","binary_version":"1.3.5a-1ubuntu0.1"},{"binary_name":"proftpd-dev","binary_version":"1.3.5a-1ubuntu0.1"},{"binary_name":"proftpd-mod-geoip","binary_version":"1.3.5a-1ubuntu0.1"},{"binary_name":"proftpd-mod-ldap","binary_version":"1.3.5a-1ubuntu0.1"},{"binary_name":"proftpd-mod-mysql","binary_version":"1.3.5a-1ubuntu0.1"},{"binary_name":"proftpd-mod-odbc","binary_version":"1.3.5a-1ubuntu0.1"},{"binary_name":"proftpd-mod-pgsql","binary_version":"1.3.5a-1ubuntu0.1"},{"binary_name":"proftpd-mod-sqlite","binary_version":"1.3.5a-1ubuntu0.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-18217.json"}},{"package":{"name":"proftpd-dfsg","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/proftpd-dfsg@1.3.5e-1build1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.3.5d-1","1.3.5e-1build1"],"ecosystem_specific":{"binaries":[{"binary_name":"proftpd-basic","binary_version":"1.3.5e-1build1"},{"binary_name":"proftpd-dev","binary_version":"1.3.5e-1build1"},{"binary_name":"proftpd-mod-geoip","binary_version":"1.3.5e-1build1"},{"binary_name":"proftpd-mod-ldap","binary_version":"1.3.5e-1build1"},{"binary_name":"proftpd-mod-mysql","binary_version":"1.3.5e-1build1"},{"binary_name":"proftpd-mod-odbc","binary_version":"1.3.5e-1build1"},{"binary_name":"proftpd-mod-pgsql","binary_version":"1.3.5e-1build1"},{"binary_name":"proftpd-mod-sqlite","binary_version":"1.3.5e-1build1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-18217.json"}},{"package":{"name":"proftpd-dfsg","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/proftpd-dfsg@1.3.6c-2ubuntu0.1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.3.6-6build2","1.3.6c-1","1.3.6c-2","1.3.6c-2ubuntu0.1"],"ecosystem_specific":{"binaries":[{"binary_name":"proftpd-basic","binary_version":"1.3.6c-2ubuntu0.1"},{"binary_name":"proftpd-dev","binary_version":"1.3.6c-2ubuntu0.1"},{"binary_name":"proftpd-mod-geoip","binary_version":"1.3.6c-2ubuntu0.1"},{"binary_name":"proftpd-mod-ldap","binary_version":"1.3.6c-2ubuntu0.1"},{"binary_name":"proftpd-mod-mysql","binary_version":"1.3.6c-2ubuntu0.1"},{"binary_name":"proftpd-mod-odbc","binary_version":"1.3.6c-2ubuntu0.1"},{"binary_name":"proftpd-mod-pgsql","binary_version":"1.3.6c-2ubuntu0.1"},{"binary_name":"proftpd-mod-snmp","binary_version":"1.3.6c-2ubuntu0.1"},{"binary_name":"proftpd-mod-sqlite","binary_version":"1.3.6c-2ubuntu0.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-18217.json"}},{"package":{"name":"proftpd-dfsg","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/proftpd-dfsg@1.3.7c+dfsg-1ubuntu0.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.3.7b+dfsg-1","1.3.7c+dfsg-1build1","1.3.7c+dfsg-1ubuntu0.1"],"ecosystem_specific":{"binaries":[{"binary_name":"proftpd-basic","binary_version":"1.3.7c+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-core","binary_version":"1.3.7c+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-dev","binary_version":"1.3.7c+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-crypto","binary_version":"1.3.7c+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-geoip","binary_version":"1.3.7c+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-ldap","binary_version":"1.3.7c+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-mysql","binary_version":"1.3.7c+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-odbc","binary_version":"1.3.7c+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-pgsql","binary_version":"1.3.7c+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-snmp","binary_version":"1.3.7c+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-sqlite","binary_version":"1.3.7c+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-wrap","binary_version":"1.3.7c+dfsg-1ubuntu0.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-18217.json"}},{"package":{"name":"proftpd-dfsg","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/proftpd-dfsg@1.3.8.b+dfsg-1ubuntu0.1?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.3.8+dfsg-8","1.3.8.a+dfsg-1","1.3.8.b+dfsg-1","1.3.8.b+dfsg-1build1","1.3.8.b+dfsg-1build2","1.3.8.b+dfsg-1build3","1.3.8.b+dfsg-1ubuntu0.1"],"ecosystem_specific":{"binaries":[{"binary_name":"proftpd-core","binary_version":"1.3.8.b+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-dev","binary_version":"1.3.8.b+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-crypto","binary_version":"1.3.8.b+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-geoip","binary_version":"1.3.8.b+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-ldap","binary_version":"1.3.8.b+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-mysql","binary_version":"1.3.8.b+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-odbc","binary_version":"1.3.8.b+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-pgsql","binary_version":"1.3.8.b+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-snmp","binary_version":"1.3.8.b+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-sqlite","binary_version":"1.3.8.b+dfsg-1ubuntu0.1"},{"binary_name":"proftpd-mod-wrap","binary_version":"1.3.8.b+dfsg-1ubuntu0.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-18217.json"}},{"package":{"name":"proftpd-dfsg","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/proftpd-dfsg@1.3.9~dfsg-3?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.3.8.c+dfsg-2","1.3.8.c+dfsg-4","1.3.9~dfsg-3"],"ecosystem_specific":{"binaries":[{"binary_name":"proftpd-core","binary_version":"1.3.9~dfsg-3"},{"binary_name":"proftpd-dev","binary_version":"1.3.9~dfsg-3"},{"binary_name":"proftpd-mod-crypto","binary_version":"1.3.9~dfsg-3"},{"binary_name":"proftpd-mod-geoip","binary_version":"1.3.9~dfsg-3"},{"binary_name":"proftpd-mod-ldap","binary_version":"1.3.9~dfsg-3"},{"binary_name":"proftpd-mod-mysql","binary_version":"1.3.9~dfsg-3"},{"binary_name":"proftpd-mod-odbc","binary_version":"1.3.9~dfsg-3"},{"binary_name":"proftpd-mod-pgsql","binary_version":"1.3.9~dfsg-3"},{"binary_name":"proftpd-mod-snmp","binary_version":"1.3.9~dfsg-3"},{"binary_name":"proftpd-mod-sqlite","binary_version":"1.3.9~dfsg-3"},{"binary_name":"proftpd-mod-wrap","binary_version":"1.3.9~dfsg-3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-18217.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}