Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the line ends prematurely. If it does, the for-loop condition checks for the '\0' terminator one byte too late.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
libfetch 缓冲区错误漏洞
Vulnerability Description
libfetch是一个浏览器扩展,可以更轻松地访问 NIE 图书馆订阅的电子资源内容。 libfetch 存在缓冲区错误漏洞,该漏洞源于会错误地处理FTP和HTTP协议的数字字符串。FTP被动模式实现允许越界读取,因为使用strtol将相关数字解析为地址字节。它不检查行是否提前结束。如果是,则for循环条件检查结束符晚了一个字节。
CVSS Information
N/A
Vulnerability Type
N/A