CVE-2022-39028

2022-08-3005:15:08

CWE-476

mitre

web.nvd.nist.gov

cve-2022-39028

telnetd

gnu inetutils

mit krb5-appl

null pointer dereference

security vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.002

Percentile

55.9%

JSON

telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a “telnet/tcp server failing (looping), service terminated” error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.

Affected configurations

Nvd

Node

gnuinetutilsRange≤2.3

Node

mitkerberos_5Range≤1.0.3

Node

debiandebian_linuxMatch10.0

Node

netkit-telnet_projectnetkit-telnetRange≤0.17

VendorProductVersionCPE
gnuinetutils*cpe:2.3:a:gnu:inetutils:*:*:*:*:*:*:*:*
mitkerberos_5*cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
netkit-telnet_projectnetkit-telnet*cpe:2.3:a:netkit-telnet_project:netkit-telnet:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gnu	inetutils	*	cpe:2.3:a:gnu:inetutils::::::::
mit	kerberos_5	*	cpe:2.3:a:mit:kerberos_5::::::::
debian	debian_linux	10.0	cpe:2.3:o:debian:debian_linux:10.0:::::::*
netkit-telnet_project	netkit-telnet	*	cpe:2.3:a:netkit-telnet_project:netkit-telnet::::::::