VulnerableCode Vulnerability Details - VCID-unvx-tsxw-abbw

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-unvx-tsxw-abbw

Essentials
Severities (3)
References (13)
Severity details (0)
Exploits (2)
EPSS
History (1)

Vulnerability ID	VCID-unvx-tsxw-abbw
Aliases	CVE-2011-4862
Summary	A boundary error in Heimdal could result in execution of arbitrary code.
Status	Published
Exploitability	2.0
Weighted Severity	0.8
Risk	1.6
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-130	Improper Handling of Length Parameter Inconsistency
CWE-119	Improper Restriction of Operations within the Bounds of a Memory Buffer

System	Score	Found at
epss	0.92585	https://api.first.org/data/v1/epss?cve=CVE-2011-4862
epss	0.92585	https://api.first.org/data/v1/epss?cve=CVE-2011-4862
epss	0.92585	https://api.first.org/data/v1/epss?cve=CVE-2011-4862

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4862.json
		https://api.first.org/data/v1/epss?cve=CVE-2011-4862
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862
770325		https://bugzilla.redhat.com/show_bug.cgi?id=770325
CVE-2011-4862;OSVDB-78020	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/bsd/remote/18369.rb
CVE-2011-4862;OSVDB-78020	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/18280.c
CVE-2011-4862;OSVDB-78020	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/18368.rb
GLSA-201201-14		https://security.gentoo.org/glsa/201201-14
GLSA-201202-05		https://security.gentoo.org/glsa/201202-05
RHSA-2011:1851		https://access.redhat.com/errata/RHSA-2011:1851
RHSA-2011:1852		https://access.redhat.com/errata/RHSA-2011:1852
RHSA-2011:1853		https://access.redhat.com/errata/RHSA-2011:1853
RHSA-2011:1854		https://access.redhat.com/errata/RHSA-2011:1854

Data source	Exploit-DB
Date added	Dec. 26, 2011
Description	TelnetD encrypt_keyid - Function Pointer Overwrite
Ransomware campaign use	Known
Source publication date	Dec. 26, 2011
Exploit type	remote
Platform	linux
Source update date	Dec. 5, 2016

Data source	Metasploit
Description	This module exploits a buffer overflow in the encryption option handler of the Linux BSD-derived telnet service (inetutils or krb5-telnet). Most Linux distributions use NetKit-derived telnet daemons, so this flaw only applies to a small subset of Linux systems running telnetd.
Note	Reliability: - unknown-reliability Stability: - unknown-stability SideEffects: - unknown-side-effects
Ransomware campaign use	Unknown
Source publication date	Dec. 23, 2011
Platform	Linux
Source URL	https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/telnet/telnet_encrypt_keyid.rb

There are no known vectors.

Exploit Prediction Scoring System (EPSS)

Percentile	0.9974
EPSS Score	0.92585
Published At	April 4, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:00:32.256332+00:00	Gentoo Importer	Import	https://security.gentoo.org/glsa/201202-05	38.0.0