{
  "version": "1",
  "package": [
    {
      "name": "inetutils",
      "layer": "meta",
      "version": "2.5",
      "products": [
        {
          "product": "inetutils",
          "cvesInRecord": "Yes"
        }
      ],
      "issue": [
        {
          "id": "CVE-2011-4862",
          "summary": "Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.",
          "scorev2": "10.0",
          "scorev3": "0.0",
          "scorev4": "0.0",
          "vector": "NETWORK",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2011-4862"
        },
        {
          "id": "CVE-2021-40491",
          "summary": "The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LPSV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl.",
          "scorev2": "4.3",
          "scorev3": "6.5",
          "scorev4": "0.0",
          "vector": "NETWORK",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2021-40491"
        },
        {
          "id": "CVE-2022-39028",
          "summary": "telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a \"telnet/tcp server failing (looping), service terminated\" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.",
          "scorev2": "0.0",
          "scorev3": "7.5",
          "scorev4": "0.0",
          "vector": "NETWORK",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2022-39028"
        },
        {
          "id": "CVE-2023-40303",
          "summary": "GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.",
          "scorev2": "0.0",
          "scorev3": "7.8",
          "scorev4": "0.0",
          "vector": "LOCAL",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2023-40303"
        },
        {
          "id": "CVE-2026-24061",
          "summary": "telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a \"-f root\" value for the USER environment variable.",
          "scorev2": "0.0",
          "scorev3": "9.8",
          "scorev4": "0.0",
          "vector": "NETWORK",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "status": "Patched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2026-24061"
        },
        {
          "id": "CVE-2026-28372",
          "summary": "telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.",
          "scorev2": "0.0",
          "scorev3": "7.4",
          "scorev4": "0.0",
          "vector": "LOCAL",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "status": "Unpatched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2026-28372"
        },
        {
          "id": "CVE-2026-32746",
          "summary": "telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.",
          "scorev2": "0.0",
          "scorev3": "9.8",
          "scorev4": "0.0",
          "vector": "NETWORK",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "status": "Unpatched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2026-32746"
        },
        {
          "id": "CVE-2026-32772",
          "summary": "telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.",
          "scorev2": "0.0",
          "scorev3": "3.4",
          "scorev4": "0.0",
          "vector": "NETWORK",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
          "status": "Unpatched",
          "link": "https://nvd.nist.gov/vuln/detail/CVE-2026-32772"
        }
      ]
    }
  ]
}