The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-09-03T00:00:00
Updated: 2024-08-04T02:44:10.353Z
Reserved: 2021-09-03T00:00:00
Link: CVE-2021-40491
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-09-03T02:15:06.403
Modified: 2024-11-21T06:24:14.927
Link: CVE-2021-40491
Redhat
No data.