Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:USN-5828-1
HistoryJan 25, 2023 - 8:14 p.m.

krb5 vulnerabilities

2023-01-2520:14:24
Google
osv.dev
6
kerberos
ubuntu
denial of service
cve-2018-20217
pac
remote attacker
arbitrary code
cve-2022-42898

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.3%

JSON

It was discovered that Kerberos incorrectly handled certain S4U2Self
requests. An attacker could possibly use this issue to cause a denial of
service. This issue was only addressed in Ubuntu 16.04 ESM and Ubuntu
18.04 LTS. (CVE-2018-20217)

Greg Hudson discovered that Kerberos PAC implementation incorrectly
handled certain parsing operations. A remote attacker could use this
issue to cause a denial of service, or possibly execute arbitrary code.
(CVE-2022-42898)

Related

openvas 52
nessus 70
cloudfoundry 1
ubuntu 1
suse 2
nvd 2
fedora 8
altlinux 3
prion 2
amazon 4
cve 2
mageia 2
osv 8
ubuntucve 2
alpinelinux 1
redhatcve 1
debiancve 2
cvelist 2
cisa 1
redhat 10
veracode 1
cbl_mariner 4
oraclelinux 3
centos 1
rocky 2
f5 1
almalinux 2
ibm 3
cloudlinux 1
debian 2
slackware 2
samba 1
openvas
openvas
Ubuntu: Security Advisory (USN-5828-1)
2023-01-26 00:00:00
Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2019-2600)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2019-2378)
2020-01-23 00:00:00
nessus
nessus
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : Kerberos vulnerabilities (USN-5828-1)
2023-01-25 00:00:00
openSUSE Security Update : krb5 (openSUSE-2019-85)
2019-01-28 00:00:00
SUSE SLES12 Security Update : krb5 (SUSE-SU-2019:0113-1)
2019-01-18 00:00:00
cloudfoundry
cloudfoundry
USN-5828-1: Kerberos vulnerabilities | Cloud Foundry
2023-02-24 00:00:00
ubuntu
ubuntu
Kerberos vulnerabilities
2023-01-25 00:00:00
suse
suse
Security update for krb5 (important)
2019-01-18 00:00:00
Security update for krb5 (important)
2019-01-25 00:00:00
nvd
nvd
CVE-2018-20217
2018-12-26 21:29:02
CVE-2022-42898
2022-12-25 06:15:09
fedora
fedora
[SECURITY] Fedora 29 Update: krb5-1.16.1-24.fc29
2019-01-08 02:43:21
[SECURITY] Fedora 29 Update: krb5-1.16.1-22.fc29
2018-12-24 06:08:40
[SECURITY] Fedora 28 Update: krb5-1.16.1-24.fc28
2019-01-11 00:17:04
altlinux
altlinux
Security fix for the ALT Linux 9 package krb5 version 1.16.3-alt1
2019-01-08 00:00:00
Security fix for the ALT Linux 9 package krb5 version 1.17.2-alt4
2022-11-24 00:00:00
Security fix for the ALT Linux 10 package samba version 4.16.7-alt1
2022-11-22 00:00:00
prion
prion
Design/Logic Flaw
2018-12-26 21:29:00
Integer overflow
2022-12-25 06:15:00
amazon
amazon
Medium: krb5
2020-05-22 20:58:00
Important: krb5
2023-01-18 20:56:00
Important: krb5
2023-01-18 00:17:00
cve
cve
CVE-2018-20217
2018-12-26 21:29:02
CVE-2022-42898
2022-12-25 06:15:09
mageia
mageia
Updated krb5 packages fix security vulnerability
2019-01-10 13:53:49
Updated krb5 packages fix security vulnerability
2022-12-17 21:48:08
osv
osv
CVE-2018-20217
2018-12-26 21:29:02
Important: krb5 security update
2022-11-28 09:18:18
Important: krb5 security update
2022-11-28 09:21:44
ubuntucve
ubuntucve
CVE-2018-20217
2018-12-26 00:00:00
CVE-2022-42898
2022-12-25 00:00:00
alpinelinux
alpinelinux
CVE-2018-20217
2018-12-26 21:29:02
redhatcve
redhatcve
CVE-2018-20217
2019-01-10 21:50:36
debiancve
debiancve
CVE-2018-20217
2018-12-26 21:29:02
CVE-2022-42898
2022-12-25 06:15:09
cvelist
cvelist
CVE-2018-20217
2018-12-26 20:00:00
CVE-2022-42898
2022-12-25 00:00:00
cisa
cisa
Samba Releases Security Updates
2022-11-16 00:00:00
redhat
redhat
(RHSA-2022:9029) Important: Red Hat Virtualization Host security update [ovirt-4.5.3-3]
2022-12-14 14:12:25
(RHSA-2022:8639) Important: krb5 security update
2022-11-28 09:36:41
(RHSA-2022:8637) Important: krb5 security update
2022-11-28 09:18:18
veracode
veracode
Denial Of Service (DoS)
2022-11-21 15:06:29
cbl_mariner
cbl_mariner
CVE-2022-42898 affecting package samba 4.12.5-6
2024-07-01 09:08:35
CVE-2022-42898 affecting package heimdal 7.7.0-5
2023-01-29 21:01:57
CVE-2022-42898 affecting package krb5 for versions less than 1.19.4-1
2023-01-17 16:46:47
oraclelinux
oraclelinux
krb5 security update
2022-11-29 00:00:00
krb5 security update
2023-02-09 00:00:00
krb5 security update
2022-11-28 00:00:00
centos
centos
krb5, libkadm5 security update
2022-11-30 23:03:16
rocky
rocky
krb5 security update
2022-11-28 09:18:18
krb5 security update
2022-11-28 09:21:44
f5
f5
SAMBA vulnerability CVE-2022-42898
2022-11-29 22:49:00
almalinux
almalinux
Important: krb5 security update
2022-11-28 00:00:00
Important: krb5 security update
2022-11-28 00:00:00
ibm
ibm
Security Bulletin: IBM Security Guardium is affected by a denial of service vulnerability in MIT keb5 (CVE-2022-42898)
2023-09-19 19:52:23
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in MIT krb5 (CVE-2022-42898).
2023-03-31 17:55:17
Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to denial of service due to [CVE-2022-42898]
2023-01-27 10:11:21
cloudlinux
cloudlinux
krb5: Fix of CVE-2022-42898
2022-12-12 19:47:31
debian
debian
[SECURITY] [DLA 3213-1] krb5 security update
2022-11-29 15:07:54
[SECURITY] [DSA 5286-1] krb5 security update
2022-11-19 13:31:00
slackware
slackware
[slackware-security] krb5
2022-11-17 01:59:39
[slackware-security] samba
2022-11-17 02:00:41
samba
samba
Samba buffer overflow vulnerabilities on 32-bit
2022-11-15 00:00:00

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.3%

JSON
Related for OSV:USN-5828-1
openvas52nessus70cloudfoundry1ubuntu1suse2nvd2fedora8altlinux3prion2amazon4cve2mageia2osv8ubuntucve2alpinelinux1redhatcve1debiancve2cvelist2cisa1redhat10veracode1cbl_mariner4oraclelinux3centos1rocky2f51almalinux2ibm3cloudlinux1debian2slackware2samba1