CVE-2007-2318

Description

Multiple format string vulnerabilities in FileZilla before 2.2.32 allow remote attackers to execute arbitrary code via format string specifiers in (1) FTP server responses or (2) data sent by an FTP server. NOTE: some of these details are obtained from third party information.

How to fix CVE-2007-2318

To remediate CVE-2007-2318, upgrade the affected package to a fixed version below.

• Debian/filezilla—upgrade to 3.0.0~beta2-3 or later

Is CVE-2007-2318 being exploited?

Low — EPSS is 2.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 3.0.0~beta2-3

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2007-2318