Lucene search

PRIOn knowledge basePRION:CVE-2018-5710

HistoryJan 16, 2018 - 9:29 a.m.

Null pointer dereference

2018-01-1609:29:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.3%

JSON

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function “strlen” is getting a “NULL” string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.

CPENameOperatorVersion
kerberoseq<= 5-1.16

CPE	Name	Operator	Version
	kerberos	eq	<= 5-1.16

References

github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Denial%20Of%20Service(DoS)