Описание
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 7.58.0-2ubuntu3.19 |
| devel | released | 7.84.0-1 |
| esm-infra-legacy/trusty | not-affected | 7.35.0-1ubuntu2.20+esm11 |
| esm-infra/bionic | not-affected | 7.58.0-2ubuntu3.19 |
| esm-infra/focal | not-affected | 7.68.0-1ubuntu2.12 |
| esm-infra/xenial | released | 7.47.0-1ubuntu2.19+esm4 |
| focal | released | 7.68.0-1ubuntu2.12 |
| impish | released | 7.74.0-1.3ubuntu2.3 |
| jammy | released | 7.81.0-1ubuntu1.3 |
| kinetic | released | 7.84.0-1 |
Показывать по
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3
Связанные уязвимости
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
When curl < 7.84.0 does FTP transfers secured by krb5, it handles mess ...
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3