Vulnerability Details CVE-2023-45198
ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.3%
CVSS Severity
CVSS v3 Score 7.5
References
- http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/ftpd/ftpcmd.y.diff?r1=1.94&r2=1.95
- https://mail-index.netbsd.org/source-changes/2023/09/22/msg147669.html
- http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/ftpd/ftpcmd.y.diff?r1=1.94&r2=1.95
- https://mail-index.netbsd.org/source-changes/2023/09/22/msg147669.html
Products affected by CVE-2023-45198
-
cpe:2.3:a:netbsd:ftpd:-
-
cpe:2.3:a:netbsd:ftpd:1.5
-
cpe:2.3:a:netbsd:ftpd:1.5.1
-
cpe:2.3:a:netbsd:ftpd:1.5.2
-
cpe:2.3:a:netbsd:ftpd:1.5.3
-
cpe:2.3:a:netbsd:ftpd:1.6
-
cpe:2.3:a:netbsd:tnftpd:*