CVE-2018-5709

ADVISORY - nist

Summary

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

EPSS Score⁠: 0.00463 (0.633)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-190⁠

Integer Overflow or Wraparound

ADVISORY - redhat

CWE-190⁠

Integer Overflow or Wraparound

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.