VulnerableCode Package Details - pkg:deb/debian/inetutils@2:1.9.2.39.3a460-3

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/inetutils@2:1.9.2.39.3a460-3

Essentials
History (27)

purl	pkg:deb/debian/inetutils@2:1.9.2.39.3a460-3

Next non-vulnerable version	2:2.4-2+deb12u3
Latest non-vulnerable version	2:2.6-3+deb13u3
Risk	10.0

Vulnerabilities affecting this package (9)

Vulnerability	Summary	Fixed by
VCID-6xfm-qpgd-ebaw Aliases: CVE-2026-28372	telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.	2:2.4-2+deb12u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2:2.4-2+deb12u3 Affected by 0 other vulnerabilities.
VCID-8491-mjp3-bqbv Aliases: CVE-2022-39028	krb5-appl: NULL pointer dereference	2:2.0-1+deb11u2 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-bn6y-snuj-gbdy Aliases: CVE-2026-24061	A vulnerability has been discovered in the telnetd module of inetutils, which allows remote code execution as root.	2:2.4-2+deb12u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-eq37-ztb2-nfb8 Aliases: CVE-2021-40491	The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl.	2:2.0-1+deb11u2 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-hm61-cd18-hycu Aliases: CVE-2026-32746	telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.	2:2.4-2+deb12u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2:2.4-2+deb12u3 Affected by 0 other vulnerabilities. 2:2.6-3+deb13u3 Affected by 0 other vulnerabilities.
VCID-m459-kwuf-2kd4 Aliases: CVE-2023-40303	GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.	2:2.0-1+deb11u2 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-qg9t-d2pk-yub6 Aliases: CVE-2019-0053	Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects the telnet client — accessible from the CLI or shell — in Junos OS. Inbound telnet services are not affected by this issue. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D80; 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D170; 15.1X53 versions prior to 15.1X53-D237, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S11, 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R1-S5, 18.2R2-S2, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2.	2:2.0-1+deb11u2 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-um87-6yps-cbfk Aliases: CVE-2020-10188	telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code	2:2.0-1+deb11u2 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-wfv6-euzm-7bhc Aliases: CVE-2026-32772	telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.	2:2.4-2+deb12u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2:2.4-2+deb12u3 Affected by 0 other vulnerabilities. 2:2.6-3+deb13u3 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-8mwn-2k1d-rkfz	Multiple vulnerabilities have been found in RSYSLOG, allowing attackers to cause Denial of Service.	CVE-2014-3634

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T01:18:02.028767+00:00	Debian Oval Importer	Affected by	VCID-6xfm-qpgd-ebaw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-16T01:17:47.082787+00:00	Debian Oval Importer	Affected by	VCID-wfv6-euzm-7bhc	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-16T01:17:22.158897+00:00	Debian Oval Importer	Affected by	VCID-hm61-cd18-hycu	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T23:54:55.935029+00:00	Debian Oval Importer	Fixing	VCID-8mwn-2k1d-rkfz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T23:53:18.739359+00:00	Debian Oval Importer	Affected by	VCID-m459-kwuf-2kd4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T23:16:42.362018+00:00	Debian Oval Importer	Affected by	VCID-8491-mjp3-bqbv	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T22:20:47.741608+00:00	Debian Oval Importer	Affected by	VCID-eq37-ztb2-nfb8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T18:40:21.171367+00:00	Debian Oval Importer	Affected by	VCID-qg9t-d2pk-yub6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T17:04:44.332413+00:00	Debian Oval Importer	Affected by	VCID-um87-6yps-cbfk	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T16:07:45.769571+00:00	Debian Oval Importer	Affected by	VCID-bn6y-snuj-gbdy	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-13T10:15:27.573224+00:00	Debian Oval Importer	Affected by	VCID-6xfm-qpgd-ebaw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-13T10:15:12.888523+00:00	Debian Oval Importer	Affected by	VCID-wfv6-euzm-7bhc	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-13T10:14:47.714210+00:00	Debian Oval Importer	Affected by	VCID-hm61-cd18-hycu	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T23:29:12.159924+00:00	Debian Oval Importer	Fixing	VCID-8mwn-2k1d-rkfz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T23:27:39.565216+00:00	Debian Oval Importer	Affected by	VCID-m459-kwuf-2kd4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T22:52:24.097311+00:00	Debian Oval Importer	Affected by	VCID-8491-mjp3-bqbv	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T21:58:13.828552+00:00	Debian Oval Importer	Affected by	VCID-eq37-ztb2-nfb8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T18:24:49.395626+00:00	Debian Oval Importer	Affected by	VCID-qg9t-d2pk-yub6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T16:51:15.080844+00:00	Debian Oval Importer	Affected by	VCID-um87-6yps-cbfk	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T15:55:16.027911+00:00	Debian Oval Importer	Affected by	VCID-bn6y-snuj-gbdy	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T23:02:08.090106+00:00	Debian Oval Importer	Fixing	VCID-8mwn-2k1d-rkfz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T23:00:40.355155+00:00	Debian Oval Importer	Affected by	VCID-m459-kwuf-2kd4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T22:26:55.245127+00:00	Debian Oval Importer	Affected by	VCID-8491-mjp3-bqbv	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T21:35:25.898233+00:00	Debian Oval Importer	Affected by	VCID-eq37-ztb2-nfb8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T18:10:44.665416+00:00	Debian Oval Importer	Affected by	VCID-qg9t-d2pk-yub6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T16:41:17.438230+00:00	Debian Oval Importer	Affected by	VCID-um87-6yps-cbfk	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T15:48:29.981709+00:00	Debian Oval Importer	Affected by	VCID-bn6y-snuj-gbdy	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0