Dear GNU InetUtils maintainers,

I am submitting a patch to address the critical vulnerability identified as CVE-2026-32746 in telnetd.

The vulnerability is a buffer overflow in the add_slc function within the LINEMODE SLC suboption handling. An unauthenticated remote attacker can exploit this to achieve arbitrary code execution. This patch introduces proper bounds checking before writing to the destination buffer, preventing the overflow. I have tested this against the current 2.7 release and confirmed it remediates the issue without breaking existing telnet functionality.

Please find the .patch file attached. I am available to discuss any necessary adjustments or to complete the FSF copyright assignment if required.

Best regards,
benjamin leon dubos

FIX-cve-2026-32746.patch
Description: Binary data
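
An added illustration of the kind of bounds check the message describes; it is not the attached patch and not InetUtils code. The struct, the function names and the 16-byte buffer are assumptions chosen for the sketch; the three-byte SLC triplet (function, flags, value) and the doubling of 0xFF bytes inside suboption data follow the telnet LINEMODE specification.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define IAC 0xFF          /* telnet escape byte, doubled inside suboption data */
#define SLC_BUF_SIZE 16   /* assumed size, small so the full case is easy to see */

struct slc_reply {        /* hypothetical reply buffer with an explicit length */
    unsigned char buf[SLC_BUF_SIZE];
    size_t len;
};

/* Append one byte, doubling IAC. The caller has already reserved the space. */
static void put_escaped(struct slc_reply *r, unsigned char b)
{
    r->buf[r->len++] = b;
    if (b == IAC)
        r->buf[r->len++] = IAC;
}

/* Append one SLC triplet. The wire size is 3 bytes plus 1 per 0xFF byte, so
 * the check uses the escaped size, not the raw triplet size.
 * Returns 0 on success, -1 if it does not fit (buffer left unchanged). */
int add_slc_checked(struct slc_reply *r, unsigned char func,
                    unsigned char flag, unsigned char val)
{
    size_t need = 3 + (func == IAC) + (flag == IAC) + (val == IAC);
    if (need > sizeof r->buf - r->len)
        return -1;
    put_escaped(r, func);
    put_escaped(r, flag);
    put_escaped(r, val);
    return 0;
}

/* Offer n triplets, as a peer controlling the count could; returns how many fit. */
size_t fill_with_triplets(struct slc_reply *r, size_t n, unsigned char val)
{
    size_t accepted = 0;
    for (size_t i = 0; i < n; i++)
        if (add_slc_checked(r, (unsigned char)(i + 1), 0x02, val) == 0)
            accepted++;
    return accepted;
}

int main(void)
{
    struct slc_reply r;
    memset(&r, 0, sizeof r);
    size_t ok = fill_with_triplets(&r, 100, IAC);   /* constructed input */
    printf("accepted %zu of 100 triplets, %zu bytes used\n", ok, r.len);
    return 0;
}
```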
