CVE-2018-5710

Published: 15 Jan 2018
Source: redhat
CVSS3: 6.5

Description

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.

Statement

This flaw was found to be a duplicate of CVE-2018-5729. Please see https://access.redhat.com/security/cve/CVE-2018-5729 for information about affected products and security errata.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | krb5 | Not affected | | |
| Red Hat Enterprise Linux 6 | krb5 | Not affected | | |
| Red Hat Enterprise Linux 7 | krb5 | Not affected | | |
| Red Hat Enterprise Linux 8 | krb5 | Not affected | | |
| Red Hat JBoss Core Services | krb5 | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 6 | krb5 | Not affected | | |
| Red Hat JBoss Enterprise Web Server 2 | krb5 | Not affected | | |

Additional information

Defect: CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1535575 krb5: null pointer deference in strlen function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c

6.5 Medium

CVSS3

Related vulnerabilities

CVSS3: 6.5
ubuntu
about 8 years ago

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.

CVSS3: 6.5
nvd
about 8 years ago

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.

CVSS3: 6.5
debian
about 8 years ago

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The ...

CVSS3: 6.5
github
more than 3 years ago

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.
