CVE-2018-5710NULL Pointer Dereference in Kerberos

CWE-476NULL Pointer Dereference7 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
0.6%
top 31.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
MIT Krb5MIT Kerberos
Timeline
PublishedJan 16
Latest updateMay 14

Description

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

Debianmit/krb5< 1.16.1-1+3
NVDmit/kerberos5-1.16

🔴Vulnerability Details

3
GHSA
GHSA-6wfw-m2q3-x7rq: An issue was discovered in MIT Kerberos 5 (aka krb5) through 12022-05-14
CVEList
CVE-2018-5710: An issue was discovered in MIT Kerberos 5 (aka krb5) through 12018-01-16
OSV
CVE-2018-5710: An issue was discovered in MIT Kerberos 5 (aka krb5) through 12018-01-16

📋Vendor Advisories

2
Red Hat
krb5: null pointer deference in strlen function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c2018-01-15
Debian
CVE-2018-5710: krb5 - An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defin...2018

💬Community

1
Bugzilla
CVE-2018-5710 krb5: null pointer deference in strlen function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c2018-01-17
CVE-2018-5710 — NULL Pointer Dereference in Kerberos | cvebase