CVE-2018-5709

CVE Details

Visit the official vulnerability details page for CVE-2018-5709 to learn more.

Initial Publication

11/13/2024

Last Update

11/13/2024

Third Party Dependency

libgssapi-krb5-2

NIST CVE Summary

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.
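
The narrowing described in the summary, as an added C example that is not krb5 source code: a 32-bit value parsed from a dump field is stored into a 16-bit count, with and without a range check. Only `n_key_data` and `u4` come from the page; `struct entry`, `parse_u4`, `stored_count`, the signed 16-bit type and the sample inputs are assumptions constructed for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define REJECTED INT_MIN  /* sentinel: record refused, nothing stored */

/* Hypothetical stand-in for the database entry; only n_key_data is named on the page. */
struct entry {
    int16_t n_key_data;  /* 16-bit key count (signedness is an assumption) */
};

/* Parse one decimal field of a dump record into a 32-bit value ("u4"). */
static int parse_u4(const char *tok, uint32_t *u4)
{
    char *end;
    unsigned long v;
    if (tok[0] < '0' || tok[0] > '9')  /* strtoul would accept '-', '+' and spaces */
        return -1;
    errno = 0;
    v = strtoul(tok, &end, 10);
    if (errno != 0 || *end != '\0' || v > UINT32_MAX)
        return -1;
    *u4 = (uint32_t)v;
    return 0;
}

/* Returns the stored count or REJECTED; checked != 0 adds the range check. */
int stored_count(const char *tok, int checked)
{
    struct entry e = { 0 };
    uint32_t u4;
    if (parse_u4(tok, &u4) != 0)
        return REJECTED;
    if (checked && u4 > (uint32_t)INT16_MAX)
        return REJECTED;         /* value does not fit the 16-bit field */
    e.n_key_data = (int16_t)u4;  /* narrowing store: mainstream compilers keep only the low 16 bits */
    return e.n_key_data;
}

int main(void)
{
    const char *samples[] = { "2", "65537", "32768" };  /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%s unchecked=%d checked=%d\n", samples[i],  /* INT_MIN means rejected */
               stored_count(samples[i], 0), stored_count(samples[i], 1));
    return 0;
}
```

With the unchecked store, the constructed input `65537` ends up as a count of 1, so the stored count no longer matches what the record declared; the checked variant refuses the record instead.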

CVE Severity

7.5

Our Official Summary

Investigation is ongoing to determine how this vulnerability affects our products.

Status

Ongoing

Affected Products & Versions

| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
| --- | --- | --- | --- | --- |
| 4.4.20 | Impacted | No Impact | Impacted | No Impact |

Revision History

| Date | Revision |
| --- | --- |