CVE-2022-39028

7.5HIGH

Key Information:

Vendor: Gnu
Status: Inetutils
Vendor: CVE Published:; 30 August 2022

Summary

telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.

References

https://lists.gnu.org/archive/html/bug-inetutils/2022-08/...

https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-fr...

https://git.hadrons.org/cgit/debian/pkgs/inetutils.git/co...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 30, 2022
Vulnerability Reserved
Aug 30, 2022