CVE-2022-39028

CWE-476 — NULL Pointer Dereference10 documents7 sources

Severity

7.5HIGH

EPSS

0.4%

top 41.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Inetutils MIT Kerberos 5 Netkit-telnet Project Netkit-telnet +1 more

Timeline

PublishedAug 30

Latest updateSep 28

Description

telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-app…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶NVDnetkit-telnet_project/netkit-telnet0.17

▶Debianinetutils< 2:2.0-1+deb11u1+3

▶Ubuntuinetutils< 2:1.9.4-11ubuntu0.2+1

▶NVDgnu/inetutils2.3

▶NVDmit/kerberos_51.0.3

Also affects: Debian Linux 10.0

Patches

Patch: git.hadrons.org ↗Patch: pierrekim.github.io ↗Patch: git.hadrons.org ↗

🔴Vulnerability Details

OSV

inetutils vulnerabilities↗2025-09-28

▶

OSV

inetutils vulnerabilities↗2023-08-22

▶

GHSA

GHSA-jq82-jqvw-64w3: telnetd in GNU Inetutils through 2↗2022-08-31

▶

CVEList

CVE-2022-39028: telnetd in GNU Inetutils through 2↗2022-08-30

▶

OSV

CVE-2022-39028: telnetd in GNU Inetutils through 2↗2022-08-30

▶

📋Vendor Advisories

Ubuntu

Inetutils vulnerabilities↗2025-09-28

▶

Ubuntu

Inetutils vulnerabilities↗2023-08-22

▶

Red Hat

krb5-appl: NULL pointer dereference↗2022-08-30

▶

Debian

CVE-2022-39028: inetutils - telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivativ...↗2022

▶