CVE-2019-14867 — Code Injection in Freeipa

CWE-94 — Code Injection CWE-400 — Uncontrolled Resource Consumption CWE-134 — Use of Externally-Controlled Format String9 documents7 sources

Severity

8.8HIGHNVD

EPSS

3.4%

top 12.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freeipa RED HAT IPA Fedoraproject Fedora

Timeline

PublishedNov 27

Latest updateDec 6

Description

A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or in some conditions, cause arbitrary code to be executed on the server hosting the IPA server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

▶PyPIred_hat/ipa4.6.2 — 4.6.7+2

▶NVDfreeipa/freeipa4.6.0 — 4.6.7+2

▶PyPIfreeipa/freeipa4.6.2 — 4.6.7+2

▶Debianfreeipa/freeipa< 4.8.3-1+2

▶CVEListV5red_hat/ipaall IPA 4.6.x versions before 4.6.7, all IPA 4.7.x versions before 4.7.4, all IPa 4.8.x versions before 4.8.3+2

Also affects: Fedora 30, 31

🔴Vulnerability Details

OSV

Code injection in FreeIPA↗2021-12-06

▶

GHSA

Code injection in FreeIPA↗2021-12-06

▶

OSV

CVE-2019-14867: A flaw was found in IPA, all 4↗2019-11-27

▶

CVEList

CVE-2019-14867: A flaw was found in IPA, all 4↗2019-11-27

▶

📋Vendor Advisories

Red Hat

ipa: Denial of service in IPA server due to wrong use of ber_scanf()↗2019-08-26

▶

Debian

CVE-2019-14867: freeipa - A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions bef...↗2019

▶

💬Community

Bugzilla

CVE-2019-14867 freeipa: ipa: Denial of service in IPA server due to wrong use of ber_scanf() [fedora-all]↗2019-11-27

▶

Bugzilla

CVE-2019-14867 ipa: Denial of service in IPA server due to wrong use of ber_scanf()↗2019-10-30

▶