CVE-2011-4130
proftpd-dfsg - several
EPSS 1.3%
Description
Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.
How to fix CVE-2011-4130
To remediate CVE-2011-4130, upgrade the affected package to the fixed version listed below for your release, or later.
- Debian/proftpd-dfsg: upgrade to 1.3.4~rc3-2 or later
- Debian/proftpd-dfsg: upgrade to 1.3.1-17lenny8 or later
- Debian/proftpd-dfsg: upgrade to 1.3.1-17lenny9 or later
Is CVE-2011-4130 being exploited?
Low — EPSS is 1.3%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 1.3.4~rc3-2
- from 0, < 1.3.1-17lenny8
- from 0, < 1.3.1-17lenny9