CVE-2026-32746

telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC Set Local Characters suboption handler because addslc does not check whether the buffer is full...

Exploit for CVE-2026-32746

CVE-2026-32746 - telnetd LINEMODE SLC Buffer Overflow Pre-aut...

EUVD-2026-12065

telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC Set Local Characters suboption handler because addslc does not check whether the buffer is full...

CVE-2026-32746

telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC Set Local Characters suboption handler because addslc does not check whether the buffer is full...

Azure Linux 3.0 Security Update: kernel (CVE-2025-21707)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21707 advisory. - In the Linux kernel, the following vulnerability has been resolved: mptcp: consolidate suboption status MPTC...

curl: Telnet Suboption Buffer Pointer Underflow in lib/telnet.c leads to Out-of-Bounds Read

Summary A buffer pointer underflow vulnerability exists in curl's telnet protocol handler lib/telnet.c. When processing telnet suboptions in the CURLTSSE state, the code unconditionally decrements the suboption buffer pointer by 2 subpointer -= 2, even when the CURLSBACCUM macro skips writing due...

mptcp: consolidate suboption status

...

SUSE CVE-2025-21707

In the Linux kernel, the following vulnerability has been resolved: mptcp: consolidate suboption status MPTCP maintains the received sub-options status is the bitmask carrying the received suboptions and in several bitfields carrying per suboption additional info. Zeroing the bitmask before parsi...

DEBIAN-CVE-2025-21707

In the Linux kernel, the following vulnerability has been resolved: mptcp: consolidate suboption status MPTCP maintains the received sub-options status is the bitmask carrying the received suboptions and in several bitfields carrying per suboption additional info. Zeroing the bitmask before parsi...

AZL-57978 CVE-2025-21707 affecting package kernel for versions less than 5.15.179.1-1

In the Linux kernel, the following vulnerability has been resolved: mptcp: consolidate suboption status MPTCP maintains the received sub-options status is the bitmask carrying the received suboptions and in several bitfields carrying per suboption additional info. Zeroing the bitmask before parsi...

UBUNTU-CVE-2025-21707

In the Linux kernel, the following vulnerability has been resolved: mptcp: consolidate suboption status MPTCP maintains the received sub-options status is the bitmask carrying the received suboptions and in several bitfields carrying per suboption additional info. Zeroing the bitmask before parsi...

CVE-2025-21707

In the Linux kernel, the following vulnerability has been resolved: mptcp: consolidate suboption status MPTCP maintains the received sub-options status is the bitmask carrying the received suboptions and in several bitfields carrying per suboption additional info. Zeroing the bitmask before parsi...

CVE-2025-21707

CVE-2025-21707 details (Linux kernel MPTCP issue). The vulnerability arises in MPTCP suboption status handling, where zeroing a bitmask is insufficient and certain per-suboption bitfields may fail to be cleared/initialized. Syzkaller reported KMSAN uninitialized value paths in __mptcp_expand_seq ...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the mptcp suboption state not being properly initialized...

PYSEC-2021-1

A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the nolog feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability...

Telnetd encrypt_keyid: Remote Root function pointer overwrite

Exploit for linux platform in category remote exploits / telnetd-encryptkeyid.c Mon Dec 26 20:37:05 CET 2011 Copyright 2011 Jaime Penalba Estebanez NighterMan email protected - email protected Credits to batchdrake as always / / // / / / // /\ \ / / / / / \ / / / / / / // / / / / // / / / //,///...

DEBIAN-CVE-2010-3696

The frdhcpdecode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause a denial of service infinite loop and daemon outage via a packet that has more than one sub-option...

Multiple Telnet clients fail to properly handle the "LINEMODE" SLC suboption

Overview Multiple Telnet clients contain a data length validation flaw which may allow a server to induce arbitrary code execution on the client host. Description The Telnet network protocol is described in RFC854 and RFC855 as a general, bi-directional communications facility. The Telnet protoco...