CVE-2014-1693
EPSS 0.59%
Description
Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP commands via CRLF sequences in the (1) user, (2) account, (3) cd, (4) ls, (5) nlist, (6) rename, (7) delete, (8) mkdir, (9) rmdir, (10) recv, (11) recv_bin, (12) recv_chunk_start, (13) send, (14) send_bin, (15) send_chunk_start, (16) append_chunk_start, (17) append, or (18) append_bin command.
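The injection class described above, shown as an added example that is not code from Erlang/OTP or from this advisory: an FTP control-channel line is a verb, a space, an argument and a terminating CRLF, so an argument that carries its own CR or LF ends the line early and starts another. The module name `ftp_arg_check`, the function names and the `illegal_argument` error atom are assumptions made for illustration.

```erlang
-module(ftp_arg_check).
-export([command_line/2, is_sane/1, demo/0]).

%% Added example, not OTP code. Builds one FTP control-channel line
%% "VERB SP ARG CRLF" and refuses any argument that could terminate
%% the line before the caller intended.

-spec command_line(string(), string() | binary()) ->
          {ok, iodata()} | {error, illegal_argument}.
command_line(Verb, Arg) when is_binary(Arg) ->
    command_line(Verb, binary_to_list(Arg));
command_line(Verb, Arg) when is_list(Arg) ->
    case is_sane(Arg) of
        true  -> {ok, [Verb, $\s, Arg, "\r\n"]};
        false -> {error, illegal_argument}
    end.

%% True only for a flat list of characters with no CR and no LF.
%% Either character alone is rejected, since some servers accept a
%% bare LF as a line terminator.
-spec is_sane(term()) -> boolean().
is_sane([]) -> true;
is_sane([$\r | _]) -> false;
is_sane([$\n | _]) -> false;
is_sane([C | Rest]) when is_integer(C) -> is_sane(Rest);
is_sane(_) -> false.  % nested lists and non-character terms are rejected

%% Constructed inputs; each match crashes if the result differs.
demo() ->
    {ok, Line} = command_line("CWD", "pub/releases"),
    <<"CWD pub/releases\r\n">> = iolist_to_binary(Line),
    %% A directory name with an embedded CRLF would otherwise be sent
    %% as two lines: "CWD pub" followed by "NOOP".
    {error, illegal_argument} = command_line("CWD", "pub\r\nNOOP"),
    {error, illegal_argument} = command_line("USER", <<"anonymous\n">>),
    {error, illegal_argument} = command_line("RNFR", ["a", "b"]),
    ok.
```

On a release that cannot be upgraded immediately, the same `is_sane/1` check can be applied by the caller to every user-influenced string before it is passed to any of the eighteen functions listed in the description.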
How to fix CVE-2014-1693
To remediate CVE-2014-1693, upgrade the affected package to a fixed version listed below.
- Debian/erlang: upgrade to 1:16.b.3.1-dfsg-3 or later
Is CVE-2014-1693 being exploited?
Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1:16.b.3.1-dfsg-3