The ftp client in GNU Inetutils prior to 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnu inetutils |
||
debian debian linux 10.0 |