Severity: Unknown
Affected Package: libfetch
Summary: Out-of-bounds read in libfetch passive FTP response parsing
When using passive mode FTP, libfetch used strtol() to parse the numbers in the server's response into address bytes without checking whether the line ended prematurely. Because of an off-by-one in the loop condition, a prematurely ended line could cause an out-of-bounds read, and a malicious FTP server could exploit it to leak sensitive information from the client's memory.
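A bounds-safe way to parse the six numbers of a passive-mode reply, checking for the end of the line before each step forward, is sketched below. This is an added example, not libfetch's code or its fix; the function name `parse_pasv` and the sample replies are constructed for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse the six numbers of a PASV reply, e.g.
 * "227 Entering Passive Mode (192,0,2,10,19,137)", into addr[6].
 * Returns 0 on success, -1 on a malformed or truncated line. */
int parse_pasv(const char *ln, unsigned char addr[6])
{
    const char *p = ln;
    char *end;
    int i;
    for (i = 0; i < 3; i++, p++)          /* reply code must really be there */
        if (!isdigit((unsigned char)*p))
            return -1;
    while (*p != '\0' && !isdigit((unsigned char)*p))
        p++;                               /* seek first address digit */
    for (i = 0; i < 6; i++) {
        long v;
        if (!isdigit((unsigned char)*p))   /* rejects '\0', sign, whitespace */
            return -1;
        errno = 0;
        v = strtol(p, &end, 10);
        if (errno != 0 || v < 0 || v > 255)
            return -1;
        addr[i] = (unsigned char)v;
        p = end;
        if (i < 5) {
            /* Inspect the separator BEFORE stepping over it: a line that
             * ended early has '\0' here and p must not move past it. */
            if (*p != ',')
                return -1;
            p++;
        }
    }
    return 0;
}

int main(void)
{
    unsigned char a[6];
    /* Constructed sample replies; 192.0.2.10 is a documentation address. */
    const char *ok = "227 Entering Passive Mode (192,0,2,10,19,137)";
    const char *cut = "227 Entering Passive Mode (192,0,2";
    printf("complete:  %d\n", parse_pasv(ok, a));
    printf("truncated: %d\n", parse_pasv(cut, a));
    return 0;
}
```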
No specific recommendations provided.
Aliases: CVE-2021-36159
Published: August 24, 2021
Last Modified: August 24, 2021