CVE-2023-40303

CWE-252 — Unchecked Return Value9 documents6 sources

Severity

7.8HIGH

EPSS

0.1%

top 83.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Inetutils

Timeline

PublishedAug 14

Latest updateSep 28

Description

GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶Debianinetutils< 2:2.0-1+deb11u2+3

▶Ubuntuinetutils< 2:1.9.4-11ubuntu0.2+1

▶NVDgnu/inetutils2.4

Patches

Patch: git.savannah.gnu.org ↗Patch: lists.gnu.org ↗Patch: git.savannah.gnu.org ↗

🔴Vulnerability Details

OSV

inetutils vulnerabilities↗2025-09-28

▶

OSV

inetutils vulnerabilities↗2023-08-22

▶

OSV

CVE-2023-40303: GNU inetutils before 2↗2023-08-14

▶

GHSA

GHSA-w2mw-45j6-m2cq: GNU inetutils through 2↗2023-08-14

▶

CVEList

CVE-2023-40303: GNU inetutils before 2↗2023-08-14

▶

📋Vendor Advisories

Ubuntu

Inetutils vulnerabilities↗2025-09-28

▶

Ubuntu

Inetutils vulnerabilities↗2023-08-22

▶

Debian

CVE-2023-40303: inetutils - GNU inetutils before 2.5 may allow privilege escalation because of unchecked ret...↗2023

▶