Lucene search

GoogleOSV:USN-5177-1

HistoryAug 08, 2022 - 3:38 p.m.

inetutils vulnerability

2022-08-0815:38:39

Google

osv.dev

inetutils

ftp

response check

vulnerability

remote attacker

crash

run programs

user machine

software

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.003 Low

EPSS

Percentile

68.5%

JSON

It was discovered that Inetutils did not properly check the response of
ftp requests. A remote attacker could use this vulnerability to cause a crash
or run programs in the user machine.

References

ubuntu.com/security/CVE-2021-40491

ubuntu.com/security/notices/USN-5177-1

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.003 Low

EPSS

Percentile

68.5%

JSON

Related for OSV:USN-5177-1