Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the line ends prematurely. If it does, the for-loop condition checks for the '\0' terminator one byte too late.
- https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749
- https://github.com/0xDeCA10B/attackfinder
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Frannc0/test2
- https://github.com/NeXTLinux/griffon
- https://github.com/SilveiraLeonardo/experimenting_mkdown
- https://github.com/VAN-ALLY/Anchore
- https://github.com/anchore/grype
- https://github.com/aymankhder/scanner-for-container
- https://github.com/isgo-golgo13/gokit-gorillakit-enginesvc
- https://github.com/khulnasoft-labs/griffon
- https://github.com/metapull/attackfinder
- https://github.com/mmartins000/sinker
- https://github.com/mvbalamca/image-vulnerability-checker-lib
- https://github.com/n0-traces/cve_monitor
- https://github.com/step-security-bot/griffon
- https://github.com/tamboliv10/GitCode-Vulnerability-Scanner-OSS---Security-
- https://github.com/thecyberbaby/Trivy-by-AquaSecurity
- https://github.com/thecyberbaby/Trivy-by-aquaSecurity
- https://github.com/vissu99/grype-0.70.0