CVE-2019-0053Stack-based Buffer Overflow in Networks Junos OS

CWE-121Stack-based Buffer OverflowCWE-787Out-of-bounds WriteCWE-271Privilege Dropping / Lowering Errors24 documents10 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 69.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
GNU InetutilsDebian InetutilsJuniper Networks Junos OS+3 more
Timeline
PublishedJul 11
Latest updateSep 28

Description

Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects the telnet client — accessible from the CLI or shell — in Junos OS. Inbound telnet services are not affected by this issue. This issue a

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

CVEListV5juniper_networks/junos_os17 versions+16
NVDjuniper/junos18 versions+17
debiandebian/inetutils< inetutils 2:1.9.4-11 (bookworm)
Debiangnu/inetutils< 2:1.9.4-11+3

Also affects: Debian Linux 10.0

🔴Vulnerability Details

3
OSV
inetutils vulnerabilities2025-09-28
GHSA
GHSA-4vvc-hp8x-p32m: Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be expl2022-05-24
OSV
CVE-2019-0053: Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be expl2019-07-11

💥Exploits & PoCs

14
Exploit-DB
Adobe Acrobat Reader DC - Heap-Based Memory Corruption due to Malformed TTF Font2019-12-11
Exploit-DB
Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed JBIG2Globals Stream2019-11-11
Exploit-DB
Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed OTF Font (CFF Table)2019-11-11
Exploit-DB
Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed JP2 Stream (2)2019-10-21
Exploit-DB
Adobe Acrobat Reader DC for Windows - Use-After-Free due to Malformed JP2 Stream2019-08-15

📋Vendor Advisories

5
Ubuntu
Inetutils vulnerabilities2025-09-28
Red Hat
docker: Security regression of CVE-2019-5736 due to inclusion of vulnerable runc2020-06-23
BSD
FreeBSD-SA-19:12.telnet: telnet(1) client multiple vulnerabilities2019-07-24
Juniper
CVE-2019-0053: Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be expl2019-07-11
Debian
CVE-2019-0053: inetutils - Insufficient validation of environment variables in the telnet client supplied i...2019

💬Community

1
Bugzilla
CVE-2020-14298 docker: Security regression of CVE-2019-5736 due to inclusion of vulnerable runc2020-06-18
CVE-2019-0053 — Stack-based Buffer Overflow | cvebase