The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-09-03T00:00:00
Updated: 2024-08-04T02:44:10.353Z
Reserved: 2021-09-03T00:00:00
Link: CVE-2021-40491
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-09-03T02:15:06.403
Modified: 2023-02-03T19:02:40.120
Link: CVE-2021-40491
Redhat
No data.