Lucene search
GnuInetutils

8 matches found

CVE
added 2026/01/21 6:42 a.m. | 431 views

CVE-2026-24061

Summary: CVE-2026-24061 affects GNU Inetutils’ telnetd (up to 2.7) and enables remote authentication bypass by setting the USER environment variable to "-f root". This can lead to unauthorized root access if telnetd is reachable. What’s affected (per provided docs): inetutils telnetd; GNU Inetuti...

9.8 CVSS | 5.5 AI score | 0.98871 EPSS
In wild

CVE
added 2011/12/25 1:0 a.m. | 416 views

CVE-2011-4862

CVE-2011-4862 is a remote pre-authentication buffer overflow in the encryption handling of BSD telnetd: libtelnet/encrypt.c in telnetd on FreeBSD 7.3–9.0, krb5-appl 1.0.2 and earlier, Heimdal 1.5.1 and earlier, and GNU inetutils. The underlying bug allows arbitrary code execution by sending a lon...

10 CVSS | 7.3 AI score | 0.95104 EPSS

CVE
added 2022/08/30 12:0 a.m. | 122 views

CVE-2022-39028

CVE-2022-39028 affects telnetd in GNU Inetutils up to 2.3 and MIT krb5-appl up to 1.0.3 (and derivatives). The issue is a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8, causing telnetd to crash; in typical installs the service stays up via inetd, but repeated crashes can render the telnet s...

7.5 CVSS | 7.3 AI score | 0.01597 EPSS

CVE
added 2021/09/03 12:0 a.m. | 114 views

CVE-2021-40491

CVE-2021-40491 affects GNU Inetutils before 2.2, where the FTP client does not validate addresses returned in PASV/LSPV responses against the server address, enabling potential address mismatch exploitation. The connected documents corroborate a related PASV-based risk in curl (CVE-2020-8284) and...

6.5 CVSS | 6 AI score | 0.00931 EPSS

CVE
added 2026/03/13 5:15 p.m. | 87 views

CVE-2026-32746

CVE-2026-32746 affects telnetd in GNU inetutils up to version 2.7. The vulnerability is an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler due to add_slc not verifying the buffer fill level. This can lead to memory corruption with potential impact on confidentiali...

9.8 CVSS | 5.9 AI score | 0.23674 EPSS

CVE
added 2023/08/14 12:0 a.m. | 65 views

CVE-2023-40303

CVE-2023-40303 relates to inetutils, where multiple set*id() return values were not checked in ftpd, rcp, rlogin, rsh, rshd, and uucpd, enabling potential local privilege escalation. Affected software: GNU inetutils (various Unix/Linux distros). Impact: privilege escalation if setuid/setgid/seteu...

7.8 CVSS | 7.5 AI score | 0.0039 EPSS

CVE
added 2026/02/27 5:28 a.m. | 36 views

CVE-2026-28372

CVE-2026-28372 affects telnetd in GNU inetutils up to version 2.7. The root cause is that login(1) in util-linux 2.40 added systemd service credentials support, enabling a local unprivileged user to influence the CREDENTIALS_DIRECTORY environment variable and create a login.noauth file, which can...

7.8 CVSS | 5.5 AI score | 0.00373 EPSS

CVE
added 2026/03/13 9:1 p.m. | 35 views

CVE-2026-32772

CVE-2026-32772 affects the inetutils telnet implementation (GNU inetutils) up to version 2.7. The issue allows a server to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR, leading to information disclosure. Debian advisories (DSA-6193-1, dla-4527-1) note that fixes...

4.7 CVSS | 5.9 AI score | 0.00187 EPSS