CVE-2022-39028
published 2022-08-30CVE-2022-39028: telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | inetutils | < inetutils 2:2.3-5 (bookworm) | inetutils 2:2.3-5 (bookworm) |
| gnu | inetutils | <= 2.3 | — |
| gnu | inetutils | >= 0 < 2:2.0-1+deb11u1 | 2:2.0-1+deb11u1 |
| gnu | inetutils | >= 0 < 2:2.3-5 | 2:2.3-5 |
| gnu | inetutils | >= 0 < 2:2.3-5 | 2:2.3-5 |
| gnu | inetutils | >= 0 < 2:2.3-5 | 2:2.3-5 |
| gnu | inetutils | >= 0 < 2:1.9.4-11ubuntu0.2 | 2:1.9.4-11ubuntu0.2 |
| gnu | inetutils | >= 0 < 2:2.2-2ubuntu0.1 | 2:2.2-2ubuntu0.1 |
| gnu | inetutils | >= 0 < 2:1.9.2-1ubuntu0.1~esm2 | 2:1.9.2-1ubuntu0.1~esm2 |
| gnu | inetutils | >= 0 < 2:1.9.4-1ubuntu0.1~esm3 | 2:1.9.4-1ubuntu0.1~esm3 |
| gnu | inetutils | >= 0 < 2:1.9.4-3ubuntu0.1+esm2 | 2:1.9.4-3ubuntu0.1+esm2 |
| mit | kerberos_5 | <= 1.0.3 | — |
| netkit-telnet_project | netkit-telnet | <= 0.17 | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.8HIGH