NULL Pointer Dereference in Telnet Service Leads to Potential Downtime for GNU Inetutils
CVE-2022-39028

7.5HIGH

Key Information:

Vendor: Gnu
Status: Inetutils
Vendor: CVE Published:; 30 August 2022

Summary

The telnetd component in GNU Inetutils, up to version 2.3, and MIT krb5-appl, up to version 1.0.3, is susceptible to a NULL pointer dereference triggered by specific byte sequences. When exploited, this vulnerability may lead to repeated crashes of the telnetd application. Initially, the application will crash without affecting the telnet service, which remains operational through inetd. However, if multiple crashes occur rapidly, inetd will halt the telnet service, logging a termination error. This issue is notable as some Linux distributions still package the affected version of MIT krb5-appl, a component that has not received upstream support for years, even though the faulty code was removed from the actively supported versions of MIT Kerberos.

References

https://lists.gnu.org/archive/html/bug-inetutils/2022-08/...

https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-fr...

https://git.hadrons.org/cgit/debian/pkgs/inetutils.git/co...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 30, 2022
Vulnerability Reserved
Aug 30, 2022