Debian Inetutils vulnerabilities
13 known vulnerabilities affecting debian/inetutils.
Total CVEs: 13
CISA KEV: 1 (actively exploited)
Public exploits: 2
Exploited in wild: 1
Severity breakdown
CRITICAL: 3, HIGH: 5, MEDIUM: 1, LOW: 4
Vulnerabilities
CVE-2026-32746 | CRITICAL | CVSS 9.8 | fixed in inetutils 2:2.4-2+deb12u3 (bookworm) | 2026
telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.
Scope: local
bookworm: resolved (fixed in 2:2.4-2+deb12u3)
bullseye: open
forky: resolved (fixed in 2:2.7-4)
sid: resolved (fixed in 2:2.7-4)
trixie: resolved (fixed in 2:2.6-
CVE-2026-24061 | CRITICAL | CVSS 9.8 | KEV | PoC | fixed in inetutils 2:2.4-2+deb12u2 (bookworm) | 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.
Scope: local
bookworm: resolved (fixed in 2:2.4-2+deb12u2)
bullseye: resolved (fixed in 2:2.0-1+deb11u3)
forky: resolved (fixed in 2:2.7-2)
sid: resolved (fixed in 2:2.7-2)
trixie: resolved (fixed in 2:2.6-3+deb13u1)
CVE-2026-28372 | HIGH | CVSS 7.4 | fixed in inetutils 2:2.4-2+deb12u3 (bookworm) | 2026
telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.
Scope:
CVE-2026-32772 | LOW | CVSS 3.4 | fixed in inetutils 2:2.4-2+deb12u3 (bookworm) | 2026
telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.
Scope: local
bookworm: resolved (fixed in 2:2.4-2+deb12u3)
bullseye: open
forky: resolved (fixed in 2:2.7-5)
sid: resolved (fixed in 2:2.7-5)
trixie: resolved (fixed in 2:2.6-3+deb13u3)
CVE-2023-40303 | HIGH | CVSS 7.8 | fixed in inetutils 2:2.4-2+deb12u1 (bookworm) | 2023
GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.
Scope: local
bookworm: r
CVE-2022-39028 | HIGH | CVSS 7.5 | fixed in inetutils 2:2.3-5 (bookworm) | 2022
telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet s
CVE-2021-40491 | LOW | CVSS 3.7 | fixed in inetutils 2:2.2-1 (bookworm) | 2021
The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl.
Scope: local
bookworm: resolved (fixed in 2:2.2-1)
bullseye: resolved (fixed in 2:2.0-1+deb11u1)
forky: resolved (fixed in 2:2.2-1)
sid: resolved (fixed in 2:2.2-1)
trixie: reso
CVE-2020-10188 | CRITICAL | CVSS 9.8 | fixed in inetutils 2:1.9.4-12 (bookworm) | 2020
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.
Scope: local
bookworm: resolved (fixed in 2:1.9.4-12)
bullseye: resolved (fixed in 2:1.9.4-12)
forky: resolved (fixed in 2:1.9.4-12)
sid: resolved (fixe
CVE-2019-0053 | LOW | CVSS 7.8 | fixed in inetutils 2:1.9.4-11 (bookworm) | 2019
CVE-2019-0053 [HIGH] CVE-2019-0053: inetutils - Insufficient validation of environment variables in the telnet client supplied i...
Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects the
CVE-2014-3634 | HIGH | CVSS 7.5 | fixed in inetutils 2:1.9.2.39.3a460-1 (bookworm) | 2014
rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access.
Scope: local
bookworm: resolved (fixed in 2:1.9.2.39.3a460-1)
bullseye: resolved (fixed i
CVE-2011-4862 | HIGH | CVSS 10.0 | Exploited | PoC | fixed in heimdal 1.5.dfsg.1-1 (bookworm) | 2011
CVE-2011-4862 [CRITICAL] CVE-2011-4862: heimdal - Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MI...
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
Scope: local
bookworm: reso
CVE-2010-2529 | MEDIUM | CVSS 5.0 | fixed in inetutils 2:1.9-2 (bookworm) | 2010
Unspecified vulnerability in ping.c in iputils 20020927, 20070202, 20071127, and 20100214 on Mandriva Linux allows remote attackers to cause a denial of service (hang) via a crafted echo response.
Scope: local
bookworm: resolved (fixed in 2:1.9-2)
bullseye: resolved (fixed in 2:1.9-2)
forky: resolved (fixed in 2:1.9-2)
sid: resolved (fixed in 2:1.9-2)
trixie: reso
CVE-2004-1485 | LOW | CVSS 7.5 | 2004
CVE-2004-1485 [HIGH] CVE-2004-1485: atftp - Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote malicious DN...
Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote malicious DNS servers to execute arbitrary code via a large DNS response that is handled by the gethostbyname function.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved