CVE-2020-10188
published 2020-03-06CVE-2020-10188: utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.
Affected
51 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arista | eos | <= 4.20.15 | — |
| arista | eos | — | — |
| arista | eos | 4.21.0 – 4.21.10m | — |
| arista | eos | 4.22 – 4.22.4m | — |
| arista | eos | 4.23 – 4.23.3m | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | inetutils | < inetutils 2:1.9.4-12 (bookworm) | inetutils 2:1.9.4-12 (bookworm) |
| debian | netkit-telnet | < inetutils 2:1.9.4-12 (bookworm) | inetutils 2:1.9.4-12 (bookworm) |
| debian | netkit-telnet-ssl | < inetutils 2:1.9.4-12 (bookworm) | inetutils 2:1.9.4-12 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| gnu | inetutils | >= 0 < 2:1.9.4-12 | 2:1.9.4-12 |
| gnu | inetutils | >= 0 < 2:1.9.4-12 | 2:1.9.4-12 |
| gnu | inetutils | >= 0 < 2:1.9.4-12 | 2:1.9.4-12 |
| gnu | inetutils | >= 0 < 2:1.9.4-12 | 2:1.9.4-12 |
| gnu | inetutils | >= 0 < 2:1.9.2-1ubuntu0.1~esm2 | 2:1.9.2-1ubuntu0.1~esm2 |
| gnu | inetutils | >= 0 < 2:1.9.4-1ubuntu0.1~esm3 | 2:1.9.4-1ubuntu0.1~esm3 |
| gnu | inetutils | >= 0 < 2:1.9.4-3ubuntu0.1+esm2 | 2:1.9.4-3ubuntu0.1+esm2 |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL