CVE-2021-47765
BaseFortify

Publication date: 2026-01-15

Last updated on: 2026-01-15

Assigner: VulnCheck

Description
AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating username and error report fields. Attackers can trigger the crash by inserting 1000 characters into the username or email address fields, causing the application to become unresponsive.
Meta Information
Published: 2026-01-15
Last Modified: 2026-01-15
Generated: 2026-05-07
AI Q&A: 2026-01-16
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: celestialsoftware
Product: absolute_telnet
Version / Range: 11.24
CWE
CWE-787: The product writes data past the end, or before the beginning, of the intended buffer.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in AbsoluteTelnet 11.24 is a local denial of service (DoS) issue where an attacker can crash the application by inputting 1000 characters into the username or email address fields. Specifically, by inserting an oversized string into the 'Username' field during SSH authentication or the 'Your Email Address (optional)' field in the error reporting dialog, the application becomes unresponsive and crashes. [1]


How can this vulnerability impact me?

The impact of this vulnerability is that a local attacker can cause AbsoluteTelnet to crash, resulting in a denial of service. This means legitimate users may be unable to use the application until it is restarted, potentially disrupting workflows that depend on this SSH client. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by attempting to reproduce the crash condition locally on the system running AbsoluteTelnet 11.24. Specifically, you can create an input string of 1000 characters (e.g., 1000 'A's) and paste it into the 'Username' field during SSH1 or SSH2 connection authentication or into the 'Your Email Address (optional)' field in the error report dialog. If the application crashes or becomes unresponsive, the vulnerability is present. A provided Python script (from the exploit) can generate the required input file (exploit.txt) with 1000 'A' characters. The steps are:

1) Run the Python script to generate the input file.
2) Open AbsoluteTelnet and create a new SSH connection.
3) Paste the contents of the input file into the Username field and confirm.
4) Observe if the application crashes.
5) Reopen AbsoluteTelnet, trigger an error report, and paste the input into the email field to test again. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include avoiding the use of AbsoluteTelnet version 11.24 or restricting local access to the application to trusted users only, since the vulnerability requires local attacker interaction. Do not input or allow input of excessively long strings (e.g., 1000 characters) into the Username or error report email fields. Monitoring and controlling local user permissions can help prevent exploitation. Additionally, check for updates or patches from the vendor or consider using alternative SSH clients until a fix is available. [1]

