Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Untriaged
Filter by:
With package: inetutils

Found 4 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-32772
3.4 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 month ago
telnet in GNU inetutils through 2.7 allows servers to read …

telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.

Affected products

inetutils
  • =<2.7

Matching in nixpkgs

pkgs.inetutils

Collection of common network programs

  • nixos-unstable 2.7
    • nixpkgs-unstable 2.7
    • nixos-unstable-small 2.7
  • nixos-25.11 2.7
    • nixos-25.11-small 2.7
    • nixpkgs-25.11-darwin 2.7

Package maintainers

Permalink CVE-2026-32746
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month ago
telnetd in GNU inetutils through 2.7 allows an out-of-bounds write …

telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.

Affected products

inetutils
  • =<2.7

Matching in nixpkgs

pkgs.inetutils

Collection of common network programs

  • nixos-unstable 2.7
    • nixpkgs-unstable 2.7
    • nixos-unstable-small 2.7
  • nixos-25.11 2.7
    • nixos-25.11-small 2.7
    • nixpkgs-25.11-darwin 2.7

Package maintainers

Permalink CVE-2026-28372
7.4 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 3 weeks ago
telnetd in GNU inetutils through 2.7 allows privilege escalation that …

telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.

Affected products

inetutils
  • =<2.7

Matching in nixpkgs

pkgs.inetutils

Collection of common network programs

  • nixos-unstable 2.7
    • nixpkgs-unstable 2.7
    • nixos-unstable-small 2.7
  • nixos-25.11 2.7
    • nixos-25.11-small 2.7
    • nixpkgs-25.11-darwin 2.7

Package maintainers

Permalink CVE-2026-24061
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 4 weeks ago
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass …

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

Affected products

Inetutils
  • =<2.7

Matching in nixpkgs

pkgs.inetutils

Collection of common network programs

  • nixos-unstable 2.6
    • nixpkgs-unstable 2.6
    • nixos-unstable-small 2.6
  • nixos-25.11 2.6
    • nixpkgs-25.11-darwin 2.6

Package maintainers