Your submission was sent successfully! Close

CVE-2020-10188

Published: 6 March 2020

utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
inetutils
Launchpad, Ubuntu, Debian 		bionic
Released (2:1.9.4-3ubuntu0.1)
focal
Released (2:1.9.4-11ubuntu0.1)
groovy Not vulnerable
(2:1.9.4-12)
hirsute Not vulnerable
(2:1.9.4-12)
impish Not vulnerable
(2:1.9.4-12)
jammy Not vulnerable
(2:1.9.4-12)
precise Does not exist

trusty Needs triage

upstream Needs triage

xenial Ignored
(end of standard support, was needs-triage)
netkit-telnet
Launchpad, Ubuntu, Debian 		bionic Not vulnerable
(0.17-41)
eoan Ignored
(reached end-of-life)
focal Not vulnerable
(0.17-41.2build1)
groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Not vulnerable
(0.17-42)
jammy Not vulnerable
(0.17-44build1)
precise Ignored
(end of ESM support, was not-affected)
trusty Not vulnerable
(0.17-36build2)
upstream
Released (0.17-18woody2)
xenial Not vulnerable
(0.17-40)
netkit-telnet-ssl
Launchpad, Ubuntu, Debian 		bionic Needs triage

eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Needs triage

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Ignored
(end of standard support, was needs-triage)

Notes

AuthorNote
ccdm94 
in netkit-telnet, this CVE was patched in 0.17-18woody2. See
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953477 for
more information.

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading