CVE-2026-32746 in inetutils
Summary
by MITRE • 03/13/2026
telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 05/10/2026
The vulnerability identified as CVE-2026-32746 represents a critical out-of-bounds write flaw within the telnetd implementation of GNU inetutils version 2.7 and earlier. This issue resides in the LINEMODE SLC (Set Local Characters) suboption handler, which is part of the telnet protocol's negotiation mechanism for configuring terminal behavior. The flaw manifests when processing incoming telnet commands that contain SLC suboption data, specifically in the add_slc function that handles the addition of local character settings to internal buffers.
The technical root cause stems from inadequate buffer boundary checking within the add_slc function, which fails to validate whether the destination buffer has sufficient capacity to accommodate incoming SLC data. This omission allows attackers to craft malicious telnet packets containing oversized SLC suboption sequences that exceed the allocated buffer space, resulting in memory corruption that can overwrite adjacent memory regions. The vulnerability operates at the protocol level where telnet servers process client negotiations, making it particularly dangerous as it can be exploited during normal telnet session establishment and configuration phases.
The operational impact of this vulnerability extends beyond simple memory corruption, as it provides potential attack vectors for remote code execution or denial of service conditions. An attacker who successfully exploits this flaw could manipulate the telnet server's memory layout to redirect execution flow or cause application crashes, effectively compromising the availability and integrity of the affected system. The vulnerability is particularly concerning given telnet's widespread use in network administration and embedded systems where remote access is required, making the attack surface substantial across various network infrastructure components.
This vulnerability aligns with CWE-121, which addresses stack-based buffer overflow conditions, and demonstrates characteristics consistent with the ATT&CK technique T1190 for exploitation of remote services through protocol manipulation. The flaw represents a classic buffer management error where insufficient input validation and boundary checking allow malicious data to exceed allocated memory space, potentially enabling privilege escalation or arbitrary code execution depending on the target system's configuration and memory protection mechanisms. Organizations should prioritize immediate patching of GNU inetutils installations and consider implementing network segmentation to limit exposure to this vulnerability, particularly in environments where telnet services remain active.
The exploitation of this vulnerability requires minimal privileges and can be executed through standard network communication protocols, making it accessible to attackers with basic network access. The lack of proper bounds checking in the add_slc function creates a persistent risk that cannot be mitigated through runtime protections alone, necessitating complete code fixes or complete removal of the vulnerable telnet service from production environments until proper patches are deployed.