Wiz
Vulnerability DatabaseCVE-2021-36159

CVE-2021-36159
Linux Alpine vulnerability analysis and mitigation

Overview

libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, contains a vulnerability in its handling of numeric strings for FTP and HTTP protocols. The vulnerability was discovered in the FTP passive mode implementation where the software mishandles numeric string parsing (MITRE CVE).

Technical details

The vulnerability stems from an out-of-bounds read condition in the FTP passive mode implementation. The issue occurs because strtol is used to parse numbers into address bytes without properly checking if the line ends prematurely. The for-loop condition checks for the '\0' terminator one byte too late due to premature p++ operation (Alpine Issue).

Impact

The vulnerability allows a malicious FTP server to control the connection buffer size, which can be increased until a newline is encountered. This could potentially lead to information leaks as the buffer can be moved into more interesting areas within the address space, with parsed numbers becoming available to the server in the form of new TCP connection port numbers or IPv6 addresses (Alpine Issue).

Mitigation and workarounds

The issue was fixed in libfetch after 2021-07-26. The fix includes proper boundary checks for numeric string parsing and validation of buffer limits (FreeBSD Commit).

Additional resources

SourceThis report was generated using AI

Related Linux Alpine vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-69263HIGH8.8
  • JavaScriptJavaScript
  • pnpm
NoYesJan 07, 2026
CVE-2025-69262HIGH7.8
  • JavaScriptJavaScript
  • pnpm
NoYesJan 07, 2026
CVE-2025-13151HIGH7.5
  • Linux DebianLinux Debian
  • libtasn1-6
NoYesJan 07, 2026
CVE-2026-21885MEDIUM6.5
  • NixOSNixOS
  • miniflux
NoYesJan 08, 2026
CVE-2025-69230LOW2.7
  • WolfiWolfi
  • awx
NoYesJan 06, 2026

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo