Vulnerability details: VCID-68kc-7knb-k7a7
Vulnerability ID VCID-68kc-7knb-k7a7
Aliases CVE-2011-4862
Summary krb5: telnet client and server encrypt_keyid heap-based buffer overflow
Status Published
Exploitability 2.0
Weighted Severity 0.8
Risk 1.6
Data source Metasploit
Description This module exploits a buffer overflow in the encryption option handler of the Linux BSD-derived telnet service (inetutils or krb5-telnet). Most Linux distributions use NetKit-derived telnet daemons, so this flaw only applies to a small subset of Linux systems running telnetd.
Note
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
Ransomware campaign use Unknown
Source publication date Dec. 23, 2011
Platform Linux
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/telnet/telnet_encrypt_keyid.rb
Data source Exploit-DB
Date added Dec. 26, 2011
Description TelnetD encrypt_keyid - Function Pointer Overwrite
Ransomware campaign use Known
Source publication date Dec. 26, 2011
Exploit type remote
Platform linux
Source update date Dec. 5, 2016
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.99722
EPSS Score 0.92409
Published At Sept. 21, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T11:24:40.347973+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4862.json 37.0.0