CVE-2018-5709

SOURCE - nist

Summary

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

EPSS Score⁠: 0.00097 (0.405)

Common Weakness Enumeration (CWE)

SOURCE - nist

CWE-190⁠

Integer Overflow or Wraparound

SOURCE - redhat

CWE-190⁠

Integer Overflow or Wraparound

Sources (5)

Impacted images

debian

CREATED

6 years ago

UPDATED

17 days ago

SOURCE IDCVE-2018-5709⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
debian/krb5	deb	debian	12	>=1.20.1-2+deb12u1	Not yet available
debian/krb5	deb	debian	10	>=1.17-3+deb10u4	Not yet available
debian/krb5	deb	debian	13	>=1.20.1-6	Not yet available
debian/krb5	deb	debian	unstable	>=1.20.1-6	Not yet available
debian/krb5	deb	debian	11	>=1.18.3-6+deb11u4	Not yet available

Severity and metrics

No CVSS data available from this source.

nist

CREATED

6 years ago

UPDATED

3 years ago

SOURCE IDCVE-2018-5709⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-190⁠

CVSS SCORE

7.5high

alpine

CREATED

6 years ago

UPDATED

2 months ago

SOURCE IDCVE-2018-5709⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM SOURCE

ubuntu

CREATED

6 years ago

UPDATED

1 month ago

SOURCE IDCVE-2018-5709⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5low

redhat

CREATED

6 years ago

UPDATED

10 months ago

SOURCE IDCVE-2018-5709⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-190⁠

CVSS SCORE

6.3medium