CVE-2026-32746
published 2026-03-13CVE-2026-32746: telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | inetutils | < inetutils 2:2.4-2+deb12u3 (bookworm) | inetutils 2:2.4-2+deb12u3 (bookworm) |
| gnu | inetutils | <= 2.7 | — |
| gnu | inetutils | >= 0 < 2:2.4-2+deb12u3 | 2:2.4-2+deb12u3 |
| gnu | inetutils | >= 0 < 2:2.6-3+deb13u3 | 2:2.6-3+deb13u3 |
| gnu | inetutils | >= 0 < 2:2.7-4 | 2:2.7-4 |
| vllm | vllm | >= 0.15.1 < 0.17.0 | 0.17.0 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL