CVE-2021-40491

Published: 3 September 2021

The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LPSV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl.
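The missing check, sketched as an added example (not the Inetutils patch or any project's own code): a client parses the 227 reply and refuses to use the data address unless it equals the peer address of the control connection. The helper name `pasv_checked_port`, the return codes, the parenthesised reply form and the sample replies are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PASV_MALFORMED (-1)
#define PASV_MISMATCH  (-2)

/* Hypothetical helper: parse a 227 reply of the common form
   "227 ... (h1,h2,h3,h4,p1,p2)" and return the data port only when the
   advertised IPv4 address equals the control connection's peer address
   (control_peer, host byte order). */
int pasv_checked_port(const char *reply, uint32_t control_peer)
{
    unsigned f[6];
    char end = 0;
    const char *open;
    int i;

    if (strncmp(reply, "227", 3) != 0 || (open = strchr(reply, '(')) == NULL)
        return PASV_MALFORMED;
    if (sscanf(open, "(%u,%u,%u,%u,%u,%u%c", &f[0], &f[1], &f[2], &f[3],
               &f[4], &f[5], &end) != 7 || end != ')')
        return PASV_MALFORMED;
    for (i = 0; i < 6; i++)
        if (f[i] > 255)               /* each field must fit in one octet */
            return PASV_MALFORMED;

    uint32_t advertised = ((uint32_t)f[0] << 24) | ((uint32_t)f[1] << 16) |
                          ((uint32_t)f[2] << 8) | (uint32_t)f[3];
    if (advertised != control_peer)
        return PASV_MISMATCH;         /* reply points at a different host */
    return (int)((f[4] << 8) | f[5]);
}

int main(void)
{
    /* Constructed sample data: the control connection peer is 192.0.2.10. */
    const uint32_t peer = 0xC000020AU;
    const char *replies[] = {
        "227 Entering Passive Mode (192,0,2,10,19,137)",  /* same host */
        "227 Entering Passive Mode (198,51,100,7,0,22)",  /* other host */
    };
    for (int i = 0; i < 2; i++)
        printf("%s -> %d\n", replies[i], pasv_checked_port(replies[i], peer));
    return 0;
}
```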

Priority

Medium

CVSS 3 base score: 6.5

Status

Package: inetutils (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Needed
focal      Needed
hirsute    Ignored (reached end-of-life)
impish     Ignored (reached end-of-life)
jammy      Not vulnerable (2:2.2-1)
trusty     Released (2:1.9.2-1ubuntu0.1~esm1)
upstream   Released (2:2.2-1)
xenial     Ignored (out of standard support)