suse · CVE-2014-8517

Quick triage

Priority: medium Published: 2021-05-30 13:24:07 UTC Updated: 2023-12-08 02:22:06 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2014-8517 severity moderate: SUSE including 5 source package names (tnftp-20151004-1.3, tnftp-20151004-bp153.1.16, tnftp-20151004-bp154.2.20, tnftp-20151004-lp150.1.9, tnftp-20151004-lp152.3.8), 5 product×package rows across 5 product lines (openSUSE Leap 15.0, openSUSE Leap 15.2, … (5 product lines)): Fixed 5.

Description:

The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.

cvelogic Threat Intelligence