CVE-2020-10188

CRITICAL

Juniper Junos < 0.17 - Buffer Overflow

Title source: rule
STIX 2.1

Description

utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.

References (11)

Core 11
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/05/msg00012.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/08/msg00038.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuApr2021.html

Scores

CVSS v3 9.8
EPSS 0.0958
EPSS Percentile 92.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-120
Status published
Products (10)
arista/eos 4.24.0f
arista/eos < 4.20.15
debian/debian_linux 8.0
debian/debian_linux 9.0
fedoraproject/fedora 30
fedoraproject/fedora 31
fedoraproject/fedora 32
juniper/junos 12.3 (27 CPE variants)
juniper/junos 12.3r12
juniper/junos 12.3x48 (15 CPE variants)
Published Mar 06, 2020
Tracked Since Feb 18, 2026