VulnerableCode Package Details - pkg:deb/debian/inetutils@2:2.4-2%2Bdeb12u1

Search for packages

Vulnerability	Summary	Fixed by
VCID-6xfm-qpgd-ebaw Aliases: CVE-2026-28372	telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.	2:2.4-2+deb12u3 Affected by 0 other vulnerabilities.
VCID-hm61-cd18-hycu Aliases: CVE-2026-32746	telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.	2:2.4-2+deb12u3 Affected by 0 other vulnerabilities. 2:2.6-3+deb13u3 Affected by 0 other vulnerabilities.
VCID-wfv6-euzm-7bhc Aliases: CVE-2026-32772	telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.	2:2.4-2+deb12u3 Affected by 0 other vulnerabilities. 2:2.6-3+deb13u3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-6xfm-qpgd-ebaw
Aliases:
CVE-2026-28372

telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.

2:2.4-2+deb12u3
Affected by 0 other vulnerabilities.

VCID-hm61-cd18-hycu
Aliases:
CVE-2026-32746

telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.

2:2.4-2+deb12u3
Affected by 0 other vulnerabilities.

2:2.6-3+deb13u3
Affected by 0 other vulnerabilities.

VCID-wfv6-euzm-7bhc
Aliases:
CVE-2026-32772

telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.

2:2.4-2+deb12u3
Affected by 0 other vulnerabilities.

2:2.6-3+deb13u3
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-6xfm-qpgd-ebaw	telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.	CVE-2026-28372
VCID-bn6y-snuj-gbdy	A vulnerability has been discovered in the telnetd module of inetutils, which allows remote code execution as root.	CVE-2026-24061
VCID-hm61-cd18-hycu	telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.	CVE-2026-32746
VCID-wfv6-euzm-7bhc	telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.	CVE-2026-32772

Vulnerability

Summary

Aliases

VCID-6xfm-qpgd-ebaw

CVE-2026-28372

VCID-bn6y-snuj-gbdy

A vulnerability has been discovered in the telnetd module of inetutils, which allows remote code execution as root.

CVE-2026-24061

VCID-hm61-cd18-hycu

telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.

CVE-2026-32746

VCID-wfv6-euzm-7bhc

telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.

CVE-2026-32772

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:25:23.384670+00:00	Debian Importer	Fixing	VCID-6xfm-qpgd-ebaw	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:38:46.121610+00:00	Debian Importer	Fixing	VCID-wfv6-euzm-7bhc	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:19:27.307164+00:00	Debian Importer	Affected by	VCID-wfv6-euzm-7bhc	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:04:43.044886+00:00	Debian Importer	Affected by	VCID-hm61-cd18-hycu	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:22:01.570161+00:00	Debian Importer	Fixing	VCID-hm61-cd18-hycu	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:29:49.941596+00:00	Debian Importer	Affected by	VCID-6xfm-qpgd-ebaw	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T01:18:02.043385+00:00	Debian Oval Importer	Fixing	VCID-6xfm-qpgd-ebaw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-16T01:17:47.098990+00:00	Debian Oval Importer	Fixing	VCID-wfv6-euzm-7bhc	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-16T01:17:22.174386+00:00	Debian Oval Importer	Fixing	VCID-hm61-cd18-hycu	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T16:07:45.791227+00:00	Debian Oval Importer	Fixing	VCID-bn6y-snuj-gbdy	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-13T10:15:27.591285+00:00	Debian Oval Importer	Fixing	VCID-6xfm-qpgd-ebaw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-13T10:15:12.905541+00:00	Debian Oval Importer	Fixing	VCID-wfv6-euzm-7bhc	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-13T10:14:47.729146+00:00	Debian Oval Importer	Fixing	VCID-hm61-cd18-hycu	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-13T09:15:33.767232+00:00	Debian Importer	Fixing	VCID-6xfm-qpgd-ebaw	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:39:57.326653+00:00	Debian Importer	Fixing	VCID-wfv6-euzm-7bhc	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:42:21.968000+00:00	Debian Importer	Affected by	VCID-wfv6-euzm-7bhc	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:31:23.829684+00:00	Debian Importer	Affected by	VCID-hm61-cd18-hycu	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:58:59.446305+00:00	Debian Importer	Fixing	VCID-hm61-cd18-hycu	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:20:02.593385+00:00	Debian Importer	Affected by	VCID-6xfm-qpgd-ebaw	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T15:55:16.044030+00:00	Debian Oval Importer	Fixing	VCID-bn6y-snuj-gbdy	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T20:08:59.875103+00:00	Debian Importer	Fixing	VCID-6xfm-qpgd-ebaw	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T19:46:17.570980+00:00	Debian Importer	Fixing	VCID-wfv6-euzm-7bhc	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T19:07:15.523387+00:00	Debian Importer	Affected by	VCID-wfv6-euzm-7bhc	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T19:00:06.112087+00:00	Debian Importer	Affected by	VCID-hm61-cd18-hycu	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T18:38:31.932496+00:00	Debian Importer	Fixing	VCID-hm61-cd18-hycu	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T15:48:30.001021+00:00	Debian Oval Importer	Fixing	VCID-bn6y-snuj-gbdy	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-04T18:05:27.365000+00:00	Debian Importer	Affected by	VCID-6xfm-qpgd-ebaw	https://security-tracker.debian.org/tracker/data/json	38.1.0