CVE-2018-5709

ADVISORY - nist

Summary

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

EPSS Score⁠: 0.00097 (0.417)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-190⁠

Integer Overflow or Wraparound

ADVISORY - redhat

CWE-190⁠

Integer Overflow or Wraparound

Impacted images

Advisories

NIST

CREATED

7 years ago

UPDATED

4 years ago

ADVISORY IDCVE-2018-5709⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.5high

Alpine

CREATED

7 years ago

UPDATED

5 months ago

ADVISORY IDCVE-2018-5709⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

7 years ago

UPDATED

2 months ago

ADVISORY IDCVE-2018-5709⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

7 years ago

UPDATED

7 months ago

ADVISORY IDCVE-2018-5709⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5low

Red Hat

CREATED

7 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2018-5709⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

6.3medium