{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-39028", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T11:10:32.472Z", "dateReserved": "2022-08-30T00:00:00", "datePublished": "2022-08-30T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-11-25T00:00:00"}, "descriptions": [{"lang": "en", "value": "telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a \"telnet/tcp server failing (looping), service terminated\" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://lists.gnu.org/archive/html/bug-inetutils/2022-08/msg00002.html"}, {"url": "https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html"}, {"url": "https://git.hadrons.org/cgit/debian/pkgs/inetutils.git/commit/?id=113da8021710d871c7dd72d2a4d5615d42d64289"}, {"name": "[debian-lts-announce] 20221125 [SECURITY] [DLA 3205-1] inetutils security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00033.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T11:10:32.472Z"}, "title": "CVE Program Container", "references": [{"url": "https://lists.gnu.org/archive/html/bug-inetutils/2022-08/msg00002.html", "tags": ["x_transferred"]}, {"url": "https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html", "tags": ["x_transferred"]}, {"url": "https://git.hadrons.org/cgit/debian/pkgs/inetutils.git/commit/?id=113da8021710d871c7dd72d2a4d5615d42d64289", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20221125 [SECURITY] [DLA 3205-1] inetutils security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00033.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:inetutils:*:*:*:*:*:*:*:*", "matchCriteriaId": "71A27EE2-625D-4C9F-8490-FAB69D43CC47", "versionEndIncluding": "2.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*", "matchCriteriaId": "C22F67DF-8D11-48CD-978B-D4E887215849", "versionEndIncluding": "1.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netkit-telnet_project:netkit-telnet:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0EF3431-0075-4A40-BAC6-28C9F08315A2", "versionEndIncluding": "0.17", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a \"telnet/tcp server failing (looping), service terminated\" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8."}, {"lang": "es", "value": "telnetd en GNU Inetutils versiones hasta 2.3, MIT krb5-appl versiones hasta 1.0.3, y trabajos derivados presenta una desreferencia de puntero NULL por medio de 0xff 0xf7 o 0xff 0xf8. En una instalaci\u00f3n t\u00edpica, la aplicaci\u00f3n telnetd ser\u00eda bloqueada pero el servicio telnet seguir\u00eda estando disponible mediante inetd. Sin embargo, si la aplicaci\u00f3n telnetd presenta muchos bloqueos en un intervalo de tiempo corto, el servicio telnet dejar\u00e1 de estar disponible despu\u00e9s de que inetd registre un error \"telnet/tcp server failing (looping), service terminated\". NOTA: MIT krb5-appl no est\u00e1 soportado por la corriente principal, pero est\u00e1 incluido en algunas distribuciones de Linux. El c\u00f3digo afectado fue retirado del producto MIT Kerberos 5 (aka krb5) soportado hace muchos a\u00f1os, en versi\u00f3n 1.8"}], "id": "CVE-2022-39028", "lastModified": "2024-11-21T07:17:24.353", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-30T05:15:08.117", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://git.hadrons.org/cgit/debian/pkgs/inetutils.git/commit/?id=113da8021710d871c7dd72d2a4d5615d42d64289"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00033.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.gnu.org/archive/html/bug-inetutils/2022-08/msg00002.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://git.hadrons.org/cgit/debian/pkgs/inetutils.git/commit/?id=113da8021710d871c7dd72d2a4d5615d42d64289"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00033.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.gnu.org/archive/html/bug-inetutils/2022-08/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "krb5-appl: NULL pointer dereference", "id": "2126045", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126045"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a \"telnet/tcp server failing (looping), service terminated\" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.", "A flaw was found in MIT krb5-appl, where it has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. The telnetd application would crash in a typical installation, but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a \"telnet/tcp server failing (looping), service terminated\" error."], "name": "CVE-2022-39028", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "krb5-appl", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2022-08-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-39028\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-39028"], "threat_severity": "Moderate"}