Back to search
CVE-2021-36159
Published: Aug 3, 2021
Modified: Aug 4, 2024
PUBLISHED
Description
libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the line ends prematurely. If it does, the for-loop condition checks for the '\0' terminator one byte too late.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749
x_refsource_MISC
https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch
x_refsource_MISC
[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image
mailing-list
x_refsource_MLIST
[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image
mailing-list
x_refsource_MLIST
[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image
mailing-list
x_refsource_MLIST
[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now