Welcome to the homepage of FileZilla, the free FTP solution. Both a client and a server are available. FileZilla is open source software distributed free of charge under the terms of the GNU General Public License
Support is available through our forums, the wiki and the bug and feature request trackers.
In addition, you will find documentation on how to compile FileZilla and nightly builds for multiple platforms in the development section.
Click on Picture to Download
Your download should automatically begin in a few seconds, but if not, click here.
Impact
An attacker could send spoofed FIN packets to the client. Even though GnuTLS detects this with GNUTLS_E_UNEXPECTED_PACKET_LENGTH, FileZilla did not record a transfer failure in all cases.
Unfortunately not all servers perform an orderly SSL/TLS shutdown. Since this cannot be distinguished from an attack, FileZilla will not be able to download listings or files from such servers.
Affected versions
All versions prior to 3.1.0.1 are affected. This vulnerability has been fixed in 3.1.0.1
Support is available through our forums, the wiki and the bug and feature request trackers.
In addition, you will find documentation on how to compile FileZilla and nightly builds for multiple platforms in the development section.
Click on Picture to Download
Your download should automatically begin in a few seconds, but if not, click here.
Impact
An attacker could send spoofed FIN packets to the client. Even though GnuTLS detects this with GNUTLS_E_UNEXPECTED_PACKET_LENGTH, FileZilla did not record a transfer failure in all cases.
Unfortunately not all servers perform an orderly SSL/TLS shutdown. Since this cannot be distinguished from an attack, FileZilla will not be able to download listings or files from such servers.
Affected versions
All versions prior to 3.1.0.1 are affected. This vulnerability has been fixed in 3.1.0.1