7.6 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
37.2%
ftpd before “NetBSD-ftpd 20230930” can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable.
cvsweb.netbsd.org/bsdweb.cgi/src/libexec/ftpd/ftpcmd.y.diff?r1=1.94&r2=1.95
mail-index.netbsd.org/source-changes/2023/09/22/msg147669.html