CVE-2021-47765
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-15

Last updated on: 2026-01-15

Assigner: VulnCheck

Description
AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating username and error report fields. Attackers can trigger the crash by inserting 1000 characters into the username or email address fields, causing the application to become unresponsive.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-15
Last Modified
2026-01-15
Generated
2026-06-16
AI Q&A
2026-01-16
EPSS Evaluated
2026-06-15
NVD
CVE-2021-47765
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
celestialsoftware absolute_telnet 11.24
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in AbsoluteTelnet 11.24 is a local denial of service (DoS) issue where an attacker can crash the application by inputting 1000 characters into the username or email address fields. Specifically, by inserting an oversized string into the 'Username' field during SSH authentication or the 'Your Email Address (optional)' field in the error reporting dialog, the application becomes unresponsive and crashes. [1]

Impact Analysis

The impact of this vulnerability is that a local attacker can cause AbsoluteTelnet to crash, resulting in a denial of service. This means legitimate users may be unable to use the application until it is restarted, potentially disrupting workflows that depend on this SSH client. [1]

Detection Guidance

This vulnerability can be detected by attempting to reproduce the crash condition locally on the system running AbsoluteTelnet 11.24. Specifically, you can create an input string of 1000 characters (e.g., 1000 'A's) and paste it into the 'Username' field during SSH1 or SSH2 connection authentication or into the 'Your Email Address (optional)' field in the error report dialog. If the application crashes or becomes unresponsive, the vulnerability is present. A provided Python script (from the exploit) can generate the required input file (exploit.txt) with 1000 'A' characters. The steps are: 1) Run the Python script to generate the input file. 2) Open AbsoluteTelnet and create a new SSH connection. 3) Paste the contents of the input file into the Username field and confirm. 4) Observe if the application crashes. 5) Reopen AbsoluteTelnet, trigger an error report, and paste the input into the email field to test again. [1]

Mitigation Strategies

Immediate mitigation steps include avoiding the use of AbsoluteTelnet version 11.24 or restricting local access to the application to trusted users only, since the vulnerability requires local attacker interaction. Do not input or allow input of excessively long strings (e.g., 1000 characters) into the Username or error report email fields. Monitoring and controlling local user permissions can help prevent exploitation. Additionally, check for updates or patches from the vendor or consider using alternative SSH clients until a fix is available. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47765. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart