Vulnerability Details : CVE-2021-46854
mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters.
Products affected by CVE-2021-46854
- cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:*
Threat overview for CVE-2021-46854
Top open port discovered on systems with this issue: 21
IPs affected by CVE-2021-46854: 341,125
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2021-46854
0.17%: probability of exploitation activity in the next 30 days
~54%: percentile, the proportion of vulnerabilities that are scored at or below this level
CVSS scores for CVE-2021-46854
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2021-46854
- The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-46854
- http://www.proftpd.org/docs/RELEASE_NOTES-1.3.7e
  Release Notes; Vendor Advisory
- https://security.gentoo.org/glsa/202305-03
  ProFTPd: Memory Disclosure (GLSA 202305-03) — Gentoo security
- https://github.com/proftpd/proftpd/issues/1284
  mod_radius: memory disclosure to radius server · Issue #1284 · proftpd/proftpd · GitHub (Exploit; Issue Tracking; Third Party Advisory)
- https://github.com/proftpd/proftpd/pull/1285
  mod_radius: copy _only_ the password by zeha · Pull Request #1285 · proftpd/proftpd · GitHub (Third Party Advisory)
- https://bugs.gentoo.org/811495
  811495 – <net-ftp/proftpd-1.3.7c: memory disclosure to RADIUS servers (Issue Tracking; Third Party Advisory)