Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2022-39028

Published: 30/08/2022 Updated: 27/09/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Gnu

Vulnerability Summary

telnetd in GNU Inetutils up to and including 2.3, MIT krb5-appl up to and including 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gnu inetutils

mit kerberos 5

debian debian linux 10.0

netkit-telnet project netkit-telnet

Vendor Advisories

Red Hat:
telnetd in GNU Inetutils through 23, MIT krb5-appl through 103, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8 In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd However, if the telnetd application has many crashes within a short time interv ...

References

CWE-476https://lists.gnu.org/archive/html/bug-inetutils/2022-08/msg00002.htmlhttps://git.hadrons.org/cgit/debian/pkgs/inetutils.git/commit/?id=113da8021710d871c7dd72d2a4d5615d42d64289https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.htmlhttps://lists.debian.org/debian-lts-announce/2022/11/msg00033.htmlhttps://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2022-39028
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991CVE-2024-32674path traversalCVE-2023-21987denial of servicedosCVE-2024-4647CVE-2024-25519CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook