CVE-2018-5710

Published: 16 January 2018

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. In plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), the standard function "strlen" is passed a NULL string as its argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.

Priority

Low

CVSS 3 base score: 6.5

Status

Package: krb5 (Launchpad, Ubuntu, Debian)

Release                              Status
Upstream                             Released (1.16.1-1)
Ubuntu 21.04 (Hirsute Hippo)         Not vulnerable (1.16.1-1)
Ubuntu 20.04 LTS (Focal Fossa)       Not vulnerable (1.16.1-1)
Ubuntu 18.04 LTS (Bionic Beaver)     Needed
Ubuntu 16.04 ESM (Xenial Xerus)      Needed
Ubuntu 14.04 ESM (Trusty Tahr)       Needed

Binaries built from this source package are in Universe and so are supported by the community.