CVE-2020-9273

In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.

Date published : 2020-02-20

https://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdf

https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES