CVE-2020-9272
Publication date 20 February 2020
Last updated 25 August 2025
Ubuntu priority
Description
ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| proftpd-dfsg | ||
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Not in release |
Notes
ebarretto
According to Debian: Debian does not build mod_cap and does not use the embedded libcap. Sourcewise fixed in 1.3.6c by updating to the lastest libcap.
Severity score breakdown
CVSS version: CVSS v3.0
Base score
7.5 · High
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N