CVE-2026-32772

telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEWENVIRON SEND USERVAR...

GNU Inetutils 安全漏洞

GNU Inetutils is a set of common network programs from the GNU community in the United States. Versions of GNU Inetutils 2.7 and earlier contained security vulnerabilities, which stemmed from the telnet protocol allowing servers to read arbitrary environment variables from clients through...

Exploit for Argument Injection in Gnu Inetutils

CVE-2026-24061 Scanner – GNU inetutils telnetd Auth Bypass...

SUSE CVE-2021-22898

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPTTELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEWENV variables, libcurl could be made to pass on...

curl supports the `-t` command line option known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.

...

curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option known as `CURLOPT_TELNETOPTIONS` in libcurl is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables libcurl could be made to pass on uninitialized data from a stack based buffer to the server resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.

...

AZL-6359 CVE-2021-22898 affecting package curl for versions less than 7.76.0-5

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPTTELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEWENV variables, libcurl could be made to pass on...

ALPINE-CVE-2021-22898

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPTTELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEWENV variables, libcurl could be made to pass on...

Getting around the cybersecurity talent shortage

More remote workers mean larger attack surfaces, and as cyber criminals take advantage of the rush to provision a remote workforce, the pain of the cybersecurity professionals shortage has become acute. Last year, the ISC2 Workforce Study identified a shortage of 561,000 cybersecurity professiona...

DEBIAN-CVE-2005-0488

Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENVUSERVAR command...