n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has ass…"/> n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has ass…"/> n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has ass…"/>
VDB

CVE-2018-5709

CVE-2018-5709 PUBLISHED

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

EPSS 1.64% · 82.3th percentile

Risk Scores

EPSS Score
1.64%
82.3th percentile

Affected Products

VendorProductVersions
Ubuntu:Pro:14.04:LTSkrb51.11.3+dfsg-3ubuntu2, 1.12+dfsg-2ubuntu5.4+esm5, 1.12+dfsg-2ubuntu5.4+esm4
Ubuntu:Pro:18.04:LTSkrb51.15.1-2, 1.16-2, 1.16-2build1
Ubuntu:22.04:LTSkrb51.19.2-2ubuntu0.3, 1.18.3-6, 1.18.3-7
Ubuntu:20.04:LTSkrb50, 1.17-6ubuntu4.6, 1.17-6ubuntu4.7
Ubuntu:Pro:16.04:LTSkrb51.13.2+dfsg-5, 1.13.2+dfsg-3, 0

Timeline

  • Jan 16, 2018 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 22, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 25, 2021 EPSS Score
  • Feb 27, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 2, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Nov 5, 2022 EPSS Score
  • Jan 7, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›