CVE-2022-39028
- Source
- https://cve.org/CVERecord?id=CVE-2022-39028
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-39028.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-39028
- Downstream
- Related
- Published
- 2022-08-30T00:00:00Z
- Modified
- 2026-05-15T11:54:11.480406193Z
- Summary
- [none]
- Details
-
telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.
- Database specific
{ "cna_assigner": "mitre", "unresolved_ranges": [ { "source": "DESCRIPTION", "extracted_events": [ { "fixed": "2.3" }, { "introduced": "krb5-appl" }, { "fixed": "1.0.3" } ] } ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/39xxx/CVE-2022-39028.json" }- References
-
- https://git.hadrons.org/cgit/debian/pkgs/inetutils.git/commit/?id=113da8021710d871c7dd72d2a4d5615d42d64289
- https://lists.gnu.org/archive/html/bug-inetutils/2022-08/msg00002.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/39xxx/CVE-2022-39028.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-39028
- https://lists.debian.org/debian-lts-announce/2022/11/msg00033.html
- https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html