CVE-2023-45198

2023-10-0500:00:00

mitre

www.cve.org

cve-2023-45198

information leakage

host filesystem

authentication

mlsd command

mlst command

vulnerability

tnftpd

0.001 Low

EPSS

Percentile

37.1%

JSON

ftpd before “NetBSD-ftpd 20230930” can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable.

References

cvsweb.netbsd.org/bsdweb.cgi/src/libexec/ftpd/ftpcmd.y.diff?r1=1.94&r2=1.95

mail-index.netbsd.org/source-changes/2023/09/22/msg147669.html

0.001 Low

EPSS

Percentile

37.1%

JSON

Related for CVELIST:CVE-2023-45198