CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
88.0%
Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for lftp 2.6.9 and earlier allow remote HTTP servers to execute arbitrary code via long directory names that are processed by the ls or rels commands.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | lftp | < 2.6.10-1 | lftp_2.6.10-1_all.deb |
Debian | 11 | all | lftp | < 2.6.10-1 | lftp_2.6.10-1_all.deb |
Debian | 999 | all | lftp | < 2.6.10-1 | lftp_2.6.10-1_all.deb |
Debian | 13 | all | lftp | < 2.6.10-1 | lftp_2.6.10-1_all.deb |