telnet client can infinitely recurse
for a Python3 one-connection listener that will cause our telnet client to crash spectacularly with a very big stack:
nowhere(~)% mdb core Loading modules: [ libc.so.1 ld.so.1 ] > ::stack !wc -l 218055 > nowhere(~)%
This has a CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0053
A FreeBSD patch found here: https://security.FreeBSD.org/patches/SA-19:12/telnet.patch
shows mostly fixes that were apparently in place pre-OpenSolaris (sprintf to snprintf). It's possible some other code that's caught-up on FreeBSD isn't at all in ours.
Updated by Dan McDonald 12 months ago
Better link for FreeBSD fix: https://github.com/freebsd/freebsd/commit/084f697eff4428a0e87d5291d5b676f64776a117