CVSS: 3.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Mar 2026 — telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR. • https://www.openwall.com/lists/oss-security/2026/03/13/1 • CWE-669: Incorrect Resource Transfer Between Spheres

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Mar 2026 — telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full. • https://lists.gnu.org/archive/html/bug-inetutils/2026-03/msg00031.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Feb 2026 — telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file. • https://git.hadrons.org/cgit/debian/pkgs/inetutils.git/commit/?id=3953943d8296310485f98963883a798545ab9a6c • CWE-829: Inclusion of Functionality from Untrusted Control Sphere

CVSS: 10.0 • EPSS: 87% • CPEs: 1 • EXPL: 6

21 Jan 2026 — telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable. Kyu Neushwaistein discovered that telnetd from inetutils does not sanitize the USER environment variable before passing it on to login. A remote attacker can take advantage of this flaw to login as root, bypassing normal authentication processes. For the oldstable distribution (bookworm), this problem has been fixed in version 2:2.4-2+deb12u2. For the stable distribution (trixie)... • https://packetstorm.news/files/id/214347 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

14 Aug 2023 — GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process. Matthew Hickey discovered that Inetutils did not correctly handle certain escape characters. An attacker could possibly use this issue to cause a denial of service. It wa... • http://www.openwall.com/lists/oss-security/2023/12/30/4 • CWE-252: Unchecked Return Value

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 1

30 Aug 2022 — telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not sup... • https://git.hadrons.org/cgit/debian/pkgs/inetutils.git/commit/?id=113da8021710d871c7dd72d2a4d5615d42d64289 • CWE-476: NULL Pointer Dereference

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

03 Sep 2021 — The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993476 • CWE-345: Insufficient Verification of Data Authenticity

CVSS: 10.0 • EPSS: 92% • CPEs: 21 • EXPL: 12

25 Dec 2011 — Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011. • https://packetstorm.news/files/id/180955 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 9.8 • EPSS: 1% • CPEs: 6 • EXPL: 0

31 Dec 2004 — Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote malicious DNS servers to execute arbitrary code via a large DNS response that is handled by the gethostbyname function. • http://marc.info/?l=bugtraq&m=109882085912915&w=2