CVE-2021-46854

Summary

CVE	CVE-2021-46854
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-11-23 07:15:00 UTC
Updated	2023-05-03 11:15:00 UTC
Description	mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters.

Risk And Classification

Problem Types: CWE-401

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Proftpd	Proftpd	All	All	All	All

References

Reference	Source	Link	Tags
mod_radius: copy _only_ the password by zeha · Pull Request #1285 · proftpd/proftpd · GitHub	MISC	github.com
ProFTPd: Memory Disclosure (GLSA 202305-03) — Gentoo security	GENTOO	security.gentoo.org
mod_radius: memory disclosure to radius server · Issue #1284 · proftpd/proftpd · GitHub	MISC	github.com
www.proftpd.org/docs/RELEASE_NOTES-1.3.7e	MISC	www.proftpd.org
811495 – <net-ftp/proftpd-1.3.7c: memory disclosure to RADIUS servers	MISC	bugs.gentoo.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

181245 Debian Security Update for proftpd-dfsg (CVE-2021-46854)
672826 EulerOS Security Update for proftpd (EulerOS-SA-2023-1561)
672830 EulerOS Security Update for proftpd (EulerOS-SA-2023-1536)
710709 Gentoo Linux ProFTPd Memory Disclosure Vulnerability (GLSA 202305-03)