CVE-2021-40491

Published: 03 September 2021

The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl.
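The missing check, sketched as an added example (not code from Inetutils or from this advisory): a client parses the 227 PASV reply and uses the data endpoint only if its address equals the control-connection peer. The function name `pasv_data_port`, its return codes and the sample replies are assumptions made for illustration; only IPv4 PASV is covered, not LPSV.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Inetutils code. Parses an RFC 959 PASV reply
 * "227 ... (h1,h2,h3,h4,p1,p2)" and accepts the data endpoint only when its
 * IPv4 address equals peer_addr, the address of the control connection
 * (host byte order, e.g. derived from getpeername()).
 * Returns the data port, -1 for a malformed reply, -2 for an address
 * that differs from the control-connection peer. */
int pasv_data_port(const char *reply, uint32_t peer_addr)
{
    unsigned f[6];
    int i, end = 0;
    const char *s;
    uint32_t addr;

    if (strncmp(reply, "227", 3) != 0 || (s = strchr(reply, '(')) == NULL)
        return -1;
    /* %3u bounds each field to three characters; %n is stored only when the
     * closing parenthesis was matched. */
    if (sscanf(s, "(%3u,%3u,%3u,%3u,%3u,%3u)%n",
               &f[0], &f[1], &f[2], &f[3], &f[4], &f[5], &end) != 6 || end == 0)
        return -1;
    for (i = 0; i < 6; i++)
        if (f[i] > 255)
            return -1;
    if (f[4] == 0 && f[5] == 0)
        return -1;                      /* port 0 is not connectable */

    addr = ((uint32_t)f[0] << 24) | ((uint32_t)f[1] << 16) |
           ((uint32_t)f[2] << 8) | (uint32_t)f[3];
    if (addr != peer_addr)
        return -2;                      /* reply points at a different host */
    return (int)(f[4] * 256 + f[5]);
}

int main(void)
{
    /* Constructed sample replies; 192.0.2.10 is the control-connection peer. */
    const uint32_t peer = 0xC000020AUL;
    printf("%d\n", pasv_data_port("227 Entering Passive Mode (192,0,2,10,19,137)", peer));
    printf("%d\n", pasv_data_port("227 Entering Passive Mode (198,51,100,7,19,137)", peer));
    return 0;
}
```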

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
inetutils
Launchpad, Ubuntu, Debian
Upstream Released (2:2.2-1)

Ubuntu 21.10 (Impish Indri) Needs triage

Ubuntu 21.04 (Hirsute Hippo) Needed

Ubuntu 20.04 LTS (Focal Fossa) Needed

Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Ignored (out of standard support)

Ubuntu 14.04 ESM (Trusty Tahr) Needed