CVE-2026-32746

Medienbericht

Exploit

EPSS 4.55%
Veröffentlicht 13.03.2026 17:15:14
Zuletzt bearbeitet 05.05.2026 18:15:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gnu ≫ Inetutils Version <= 2.7

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.55%	0.892

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cve@mitre.org	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://thehackernews.com/2026/03/weekly-recap-telecom-sleeper-cells-llm.html

Media Report

https://thehackernews.com/2026/03/weekly-recap-cicd-backdoor-fbi-buys.html

Media Report

https://www.heise.de/news/Telnet-Kritische-Luecke-erlaubt-Einschleusen-von-Schadcode-aus-dem-Netz-11215518.html

Media Report

https://thehackernews.com/2026/03/critical-telnetd-flaw-cve-2026-32746.html

Media Report

https://www.openwall.com/lists/oss-security/2026/03/12/4

Third Party Advisory

Mailing List

https://lists.gnu.org/archive/html/bug-inetutils/2026-03/msg00031.html