5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
7.2 High
AI Score
Confidence
Low
0.963 High
EPSS
Percentile
99.5%
Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol used in FileZilla is prone to a prefix truncation attack, known as the “Terrapin attack”. A remote attacker could use this issue to downgrade or disable some security features and obtain sensitive information. This update fixes the issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 9 | noarch | filezilla | < 3.66.4-1 | filezilla-3.66.4-1.mga9 |
Mageia | 9 | noarch | libfilezilla | < 0.45.0-1 | libfilezilla-0.45.0-1.mga9 |
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
7.2 High
AI Score
Confidence
Low
0.963 High
EPSS
Percentile
99.5%