Search for vulnerabilities
Vulnerability details: VCID-bvs1-kkez-53bs
Vulnerability ID VCID-bvs1-kkez-53bs
Aliases CVE-2023-40303
Summary GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.
Status Published
Exploitability 0.5
Weighted Severity 7.0
Risk 3.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-252 Unchecked Return Value
System Score Found at
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2023-40303
cvssv3.1 7.8 https://nvd.nist.gov/vuln/detail/CVE-2023-40303
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-40303
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40303
https://ftp.gnu.org/gnu/inetutils/
https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6
https://lists.debian.org/debian-lts-announce/2023/10/msg00013.html
https://lists.gnu.org/archive/html/bug-inetutils/2023-07/msg00000.html
http://www.openwall.com/lists/oss-security/2023/12/30/4
1049365 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1049365
cpe:2.3:a:gnu:inetutils:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:inetutils:*:*:*:*:*:*:*:*
CVE-2023-40303 https://nvd.nist.gov/vuln/detail/CVE-2023-40303
USN-6304-1 https://usn.ubuntu.com/6304-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-40303
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.12199
EPSS Score 0.00043
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:36:10.631586+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/6304-1/ 37.0.0