NULL Pointer Dereference

Affecting krb5 package, versions <1.16-2ubuntu0.1

Overview

MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.

CVSS Score

4.7 (low severity)

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: Low
  • Integrity: Low
  • Availability: Low

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

  • CVE: CVE-2018-5729
  • CWE: CWE-476
  • Snyk ID: SNYK-UBUNTU1804-KRB5-396222
  • Disclosed: 06 Mar, 2018
  • Published: 06 Mar, 2018