Scaner-VSvulnerability catalog · v4.2

Home Catalog Sources CWE CAPEC ATT&CK Mitigations Products Vendors Docs

← Back to List

Freebsd›Applicationnvd

Libfetch

Vulnerabilities

1

Known exploited

0

Max CVSS

9.1

Top EPSS

0.02637

Severity breakdown

Critical

1

High

0

Medium

0

Low

0

Affected version ranges

< 2021-07-26

Also matched as (raw): libfetch

Top vulnerabilities

CVE-2021-36159libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the line ends prematurely. If it does, the for-loop condition checks for the '\0' terminator one byte too late.

View vendor →Open in catalog with product filter →