Nixpkgs security tracker

Untriaged

Permalink CVE-2021-47865

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 2 months, 4 weeks ago

ProFTPD 1.3.7a - Remote Denial of Service

ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access.

References

ExploitDB-49697 exploit
ProFTPD Official Website product
ProFTPD GitHub Repository product
VulnCheck Advisory: ProFTPD 1.3.7a - Remote Denial of Service third-party-advisory
ProFTPD GitHub Repository issue-tracking

Affected products

ProFTPD

==1.3.7a

Matching in nixpkgs

pkgs.proftpd

Highly configurable GPL-licensed FTP server software

nixos-unstable 1.3.9
- nixpkgs-unstable 1.3.9
- nixos-unstable-small 1.3.9
nixos-25.11 1.3.9
- nixpkgs-25.11-darwin 1.3.9

Package maintainers

@Ma27 Maximilian Bosch <maximilian@mbosch.me>
@osnyx Oliver Schmidt <os@flyingcircus.io>
@dpausp Tobias Stenzel <dpausp@posteo.de>
@frlan Frank Lanitz <frank@frank.uvena.de>
@ctheune Christian Theune <ct@flyingcircus.io>
@leona-ya Leona Maroni <nix@leona.is>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.proftpd

Package maintainers