Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection handshake, which leaks the memory in the server’s response.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 11 | all | xfstt | < 1.5.1-1 | xfstt_1.5.1-1_all.deb |
Debian | 10 | all | xfstt | < 1.5.1-1 | xfstt_1.5.1-1_all.deb |