CVE-2021-36159 is a vulnerability in FreeBSD Libfetch
Published on August 3, 2021
libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the line ends prematurely. If it does, the for-loop condition checks for the '\0' terminator one byte too late.
Products Associated with CVE-2021-36159
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-36159 are published in FreeBSD Libfetch:
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.