Severity: 9.8 CRITICAL
EPSS: 9.6% (top 7.13%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline:
Published: Mar 6
Latest update: Sep 28

Description

utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (8 packages)

Debian: netkit-telnet < 0.17-18woody2
Debian: netkit-telnet-ssl < 0.17.17+0.1-2woody3+3
Debian: inetutils < 2:1.9.4-12+3
Ubuntu: inetutils < 2:1.9.2-1ubuntu0.1~esm2+2

Also affects: Debian Linux 8.0, 9.0, Fedora 30, 31, 32

Patches

🔴 Vulnerability Details (4)

OSV: inetutils vulnerabilities (2025-09-28)
GHSA: GHSA-8239-4cq6-qmwc: utility (2022-05-24)
OSV: CVE-2020-10188: utility (2020-03-06)
CVEList: CVE-2020-10188: utility (2020-03-06)

📋 Vendor Advisories (7)

Ubuntu: Inetutils vulnerabilities (2025-09-28)
Ubuntu: Inetutils vulnerability (2021-08-20)
Ubuntu: Inetutils vulnerability (2021-08-19)
Oracle: Oracle Communications Risk Matrix: Mediation server (Telnet) — CVE-2020-10188 (2021-04-15)
Cisco: Telnet Vulnerability Affecting Cisco Products: June 2020 (2020-06-24)

💬 Community (2)

Bugzilla: CVE-2020-10188 telnet: telnet-server: Arbitrary remote code execution in utility.c via short writes or urgent data [fedora-all] (2020-03-18)
Bugzilla: CVE-2020-10188 telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code (2020-03-09)