CyberSec.Space Logo
Back to CVE Browser

CVE-2021-40491

MEDIUM
6.5
CVSS Severity Score
EPSS Score0.1780%
EPSS Percentile11.31th
PublishedSep 3, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl.

Affected Platforms (CPE)

πŸ“¦
Gnu

Inetutils

< 2.2
πŸ’»
Debian

Debian Linux

= 10.0

References & Advisories

πŸ”— https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993476
πŸ”— https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=58cb043b190fd04effdaea7c9403416b436e50dd
πŸ”— https://lists.debian.org/debian-lts-announce/2022/11/msg00033.html
πŸ”— https://lists.gnu.org/archive/html/bug-inetutils/2021-06/msg00002.html
πŸ”— https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993476
πŸ”— https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=58cb043b190fd04effdaea7c9403416b436e50dd
πŸ”— https://lists.debian.org/debian-lts-announce/2022/11/msg00033.html
πŸ”— https://lists.gnu.org/archive/html/bug-inetutils/2021-06/msg00002.html

Related Vulnerabilities

CVE-2011-486210.0

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) ...

CVE-2004-14857.5

Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote malicious DNS servers to execute arbitrary code via a large DN...

CVE-2021-4155610.0

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to ...

CVE-2021-3467910.0

Thycotic Password Reset Server before 5.3.0 allows credential disclosure.