Описание
The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | 2:2.2-1 |
| esm-apps/bionic | released | 2:1.9.4-3ubuntu0.1+esm1 |
| esm-apps/focal | released | 2:1.9.4-11ubuntu0.1+esm1 |
| esm-apps/jammy | not-affected | 2:2.2-1 |
| esm-apps/xenial | released | 2:1.9.4-1ubuntu0.1~esm2 |
| esm-infra-legacy/trusty | released | 2:1.9.2-1ubuntu0.1~esm1 |
| focal | ignored | end of standard support, was needed |
| hirsute | ignored | end of life |
| impish | ignored | end of life |
Показывать по
Ссылки на источники
EPSS
4.3 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl.
The ftp client in GNU Inetutils before 2.2 does not validate addresses ...
The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl.
EPSS
4.3 Medium
CVSS2
6.5 Medium
CVSS3