CVE-2011-4862 [Critical] | Memory Corruption in Inetutils

CVE-2011-4862 is rated High Exploit Risk (90.1/100): CVSS Critical severity, with high exploitation likelihood (EPSS 92.58%, 100th percentile). 4 public exploit reference(s) are indexed (Exploit-DB). Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

EDB-ID	Source	Kind	Published	Link
18368	exploit_db	edb	2012-01-14	Exploit-DB ↗
18369	exploit_db	edb	2012-01-14	Exploit-DB ↗
18280	exploit_db	edb	2011-12-26	Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗

EDB-ID

Source

Kind

Published

Link

18368

exploit_db

edb

2012-01-14

Exploit-DB ↗

18369

exploit_db

edb

2012-01-14

Exploit-DB ↗

18280

exploit_db

edb

2011-12-26

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-12-01	92.41%	92.58%	+0.18%
2	2025-09-08	92.58%	92.41%	-0.18%
3	2025-03-17	—	92.58%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2025-12-01

92.41%

92.58%

+0.18%

2025-09-08

92.58%

92.41%

-0.18%

2025-03-17

—

92.58%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
10.0	2.0	HIGH	`AV:N/AC:L/Au:N/C:C/I:C/A:C` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:C) Complete confidentiality impact. Integrity impact (I:C) Complete integrity impact. Availability impact (A:C) Complete availability impact.	10.0	10.0	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

10.0

2.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:C): Complete confidentiality impact.
Integrity impact (I:C): Complete integrity impact.
Availability impact (A:C): Complete availability impact.

10.0

[email protected]

OS Trackers for CVE-2011-4862

vendor	priority	summary	link
`debian`	high	CVE-2011-4862 high priority: Debian including 3 source packages (heimdal, inetutils, krb5), 15 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 15.	https://security-tracker.debian.org/tracker/CVE-2011-4862
`gentoo`	high	CVE-2011-4862: 2 GLSA(s) (201201-14, 201202-05), 2 atom(s) (app-crypt/heimdal, app-crypt/mit-krb5-appl); latest impact high.	https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2011-4862
`redhat`	critical	—	https://access.redhat.com/security/cve/CVE-2011-4862
`ubuntu`	medium	CVE-2011-4862 medium priority: Ubuntu including 4 source packages (heimdal, inetutils, krb5, krb5-appl), 68 status rows across 17 suites (hardy, lucid, maverick, natty, oneiric, precise, quantal, raring, saucy, trusty, upstream, utopic, vivid, wily, xenial, yakkety, zesty): not-affected 31, ignored 25, DNE 8, needs-triage 2, released 2.	https://ubuntu.com/security/CVE-2011-4862

Affected software / configurations for CVE-2011-4862

Vendor	Product	Version	Raw CPE
gnu	inetutils	< 1.9	cpe:2.3:a:gnu:inetutils::::::::
heimdal_project	heimdal	<= 1.5.1	cpe:2.3:a:heimdal_project:heimdal::::::::
mit	krb5-appl	<= 1.0.2	cpe:2.3:a:mit:krb5-appl::::::::
freebsd	freebsd	>= 7.3, <= 9.0	cpe:2.3:o:freebsd:freebsd::::::::
fedoraproject	fedora	15	cpe:2.3:o:fedoraproject:fedora:15:::::::*
fedoraproject	fedora	16	cpe:2.3:o:fedoraproject:fedora:16:::::::*
debian	debian_linux	5.0	cpe:2.3:o:debian:debian_linux:5.0:::::::*
debian	debian_linux	6.0	cpe:2.3:o:debian:debian_linux:6.0:::::::*
debian	debian_linux	7.0	cpe:2.3:o:debian:debian_linux:7.0:::::::*
opensuse	opensuse	11.3	cpe:2.3:o:opensuse:opensuse:11.3:::::::*
opensuse	opensuse	11.4	cpe:2.3:o:opensuse:opensuse:11.4:::::::*
suse	linux_enterprise_desktop	10	cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:::-:::*
suse	linux_enterprise_desktop	11	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1::::::
suse	linux_enterprise_server	9	cpe:2.3:o:suse:linux_enterprise_server:9:::::::*
suse	linux_enterprise_server	10	cpe:2.3:o:suse:linux_enterprise_server:10:sp2::::::
suse	linux_enterprise_server	10	cpe:2.3:o:suse:linux_enterprise_server:10:sp3:::ltss:::*
suse	linux_enterprise_server	10	cpe:2.3:o:suse:linux_enterprise_server:10:sp4:::-:::*
suse	linux_enterprise_server	11	cpe:2.3:o:suse:linux_enterprise_server:11:sp1::::-::*
suse	linux_enterprise_server	11	cpe:2.3:o:suse:linux_enterprise_server:11:sp1:::-:vmware::
suse	linux_enterprise_software_development_kit	10	cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4::::::
suse	linux_enterprise_software_development_kit	11	cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1::::::

References for CVE-2011-4862

URL	Tags
http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html	Broken Link
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592	Patch Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.html	Third Party Advisory
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.html	Vendor Advisory
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.html	Vendor Advisory
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.html	Vendor Advisory
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.html	Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.html	Mailing List Third Party Advisory
http://osvdb.org/78020	Broken Link
http://secunia.com/advisories/46239	Third Party Advisory
http://secunia.com/advisories/47341	Third Party Advisory
http://secunia.com/advisories/47348	Third Party Advisory
http://secunia.com/advisories/47357	Third Party Advisory
http://secunia.com/advisories/47359	Third Party Advisory
http://secunia.com/advisories/47373	Third Party Advisory
http://secunia.com/advisories/47374	Third Party Advisory
http://secunia.com/advisories/47397	Third Party Advisory
http://secunia.com/advisories/47399	Third Party Advisory
http://secunia.com/advisories/47441	Third Party Advisory
http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc	Mitigation Vendor Advisory
http://security.freebsd.org/patches/SA-11:08/telnetd.patch	Patch Vendor Advisory
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt	Patch Vendor Advisory
http://www.debian.org/security/2011/dsa-2372	Third Party Advisory
http://www.debian.org/security/2011/dsa-2373	Third Party Advisory
http://www.debian.org/security/2011/dsa-2375	Third Party Advisory
http://www.exploit-db.com/exploits/18280/	Exploit Third Party Advisory VDB Entry
http://www.mandriva.com/security/advisories?name=MDVSA-2011:195	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-1851.html	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-1852.html	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-1853.html	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-1854.html	Third Party Advisory
http://www.securitytracker.com/id?1026460	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1026463	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/71970	Third Party Advisory VDB Entry

URL

CVE-2011-4862

Public exploit references (Exploit-DB) for CVE-2011-4862

Exploit prediction scoring system (EPSS) score for CVE-2011-4862

Common vulnerability scoring system (CVSS) metrics for CVE-2011-4862

Weakness enumeration for CVE-2011-4862

OS Trackers for CVE-2011-4862

Affected software / configurations for CVE-2011-4862

References for CVE-2011-4862