CVE-2018-5729

Source
https://cve.org/CVERecord?id=CVE-2018-5729
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-5729.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-5729
Downstream
Related
Published
2018-03-06T20:29:00.563Z
Modified
2026-04-02T01:24:45.076831Z
Severity
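  • 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L (network-reachable, low attack complexity, high privileges required, no user interaction; low impact on confidentiality, integrity and availability)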
Summary
[none]
Details

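MIT krb5 1.6 or later allows an authenticated kadmin user with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module. As described, the precondition is an account that already holds the add-principal privilege on a deployment using the LDAP database module, so reviewing which principals are granted that privilege narrows exposure until the fixed code is deployed.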

References

Affected packages

Git / github.com/krb5/krb5

Affected ranges

Type
GIT
Repo
https://github.com/krb5/krb5
Events
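Introduced
0 Unknown introduced commit / All previous commits are affected (because no introducing commit is recorded, the tag list under "Affected versions" also includes releases older than krb5 1.6, the first version the Details name as affected)
Fixed
(commit not shown in this rendering; the vanir_signatures entries below cite https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1 as their source)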
Type
GIT
Repo
https://github.com/krb5/krb5
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

kfw-2.*
kfw-2.6-beta1
kfw-2.6-beta2
kfw-2.6-beta3
kfw-2.6-beta5
kfw-2.6-beta6
kfw-2.6-beta7
kfw-2.6-beta8
kfw-2.6-beta9
kfw-2.6-final
kfw-2.6.1-beta1
kfw-2.6.1-final
kfw-2.6.2-beta1
kfw-2.6.2-beta2
kfw-2.6.2-final
kfw-2.6.3-final
kfw-2.6.4-beta1
kfw-2.6.4-beta2
kfw-2.6.4-beta3
kfw-2.6.4-beta4
kfw-2.6.4-final
kfw-2.6.5-beta2
kfw-2.6.5-final
kfw-3.*
kfw-3.0-beta2
kfw-3.0-final
kfw-3.0.1-final
kfw-3.1.0-beta1
kfw-3.1.0-beta2
kfw-3.1.0-beta3
kfw-3.1.0-beta4
kfw-3.1.0-final
kfw-3.2.0-beta1
kfw-3.2.0-beta2
kfw-3.2.0-beta3
kfw-3.2.0-final
kfw-3.2.1-beta1
kfw-3.2.1-beta2
kfw-3.2.1-final
kfw-3.2.2-beta1
kfw-3.2.2-beta2
kfw-3.2.2-final
kfw-3.2.3-alpha1
kfw-4.*
kfw-4.0-final
kfw-4.0.1-beta1
kfw-4.0.1-final
kfw-4.1-beta1
kfw-4.1-beta2
kfw-4.1-beta3
kfw-4.1-beta3-mit
kfw-4.1-final
kfw-4.1-final-mit
krb5-1.*
krb5-1.0-alpha0
krb5-1.0-alpha2
krb5-1.0-alpha3
krb5-1.0-alpha4
krb5-1.0-alpha5
krb5-1.0-beta1
krb5-1.0-beta2
krb5-1.0-beta3
krb5-1.0-beta4
krb5-1.0-beta4.1
krb5-1.0-beta4.2
krb5-1.0-beta4.3
krb5-1.0-beta5
krb5-1.0-beta6
krb5-1.0-beta7
krb5-1.0-final
krb5-1.0-freeze1
krb5-1.0-freeze2
krb5-1.0-freeze3
krb5-1.0.1-final
krb5-1.0.2-final
krb5-1.0.3-final
krb5-1.0.4-final
krb5-1.0.5-final
krb5-1.0.5-freeze1
krb5-1.0.5-freeze2
krb5-1.0.5-freeze3
krb5-1.0.6-beta1
krb5-1.0.6-beta2
krb5-1.0.6-beta3
krb5-1.0.6-beta4
krb5-1.0.6-beta5
krb5-1.0.6-final
krb5-1.0.7-beta1
krb5-1.0.7-beta2
krb5-1.1-beta1
krb5-1.1-final
krb5-1.1.1-beta1
krb5-1.1.1-beta2
krb5-1.1.1-final
krb5-1.1.2-beta1
krb5-1.1.2-beta2
krb5-1.10-alpha1
krb5-1.10-alpha2
krb5-1.10-beta1
krb5-1.10-final
krb5-1.10.1-final
krb5-1.10.2-final
krb5-1.10.3-final
krb5-1.10.4-final
krb5-1.10.5-final
krb5-1.10.6-final
krb5-1.10.7-final
krb5-1.11-alpha1
krb5-1.11-beta1
krb5-1.11-beta2
krb5-1.11-final
krb5-1.11.1-final
krb5-1.11.2-final
krb5-1.11.3-final
krb5-1.11.4-final
krb5-1.11.5-final
krb5-1.11.6-final
krb5-1.12-alpha1
krb5-1.12-beta1
krb5-1.12-beta2
krb5-1.12-final
krb5-1.12.1-final
krb5-1.12.2-final
krb5-1.12.3-final
krb5-1.12.4-final
krb5-1.12.5-final
krb5-1.13-alpha1
krb5-1.13-beta1
krb5-1.13-final
krb5-1.13.1-final
krb5-1.13.2-final
krb5-1.13.3-final
krb5-1.13.4-final
krb5-1.13.5-final
krb5-1.13.6-final
krb5-1.13.7-final
krb5-1.14-alpha1
krb5-1.14-beta1
krb5-1.14-beta2
krb5-1.14-final
krb5-1.14.1-final
krb5-1.14.2-final
krb5-1.14.3-final
krb5-1.14.4-final
krb5-1.14.5-final
krb5-1.14.6-final
krb5-1.15-beta1
krb5-1.15-beta2
krb5-1.15-final
krb5-1.15.1-final
krb5-1.15.2-final
krb5-1.15.3-final
krb5-1.15.4-final
krb5-1.15.5-final
krb5-1.16-beta1
krb5-1.16-beta2
krb5-1.16-final
krb5-1.16.1-final
krb5-1.16.2-final
krb5-1.16.3-final
krb5-1.16.4-final
krb5-1.2-beta1
krb5-1.2-beta2
krb5-1.2-beta3
krb5-1.2-beta4
krb5-1.2-final
krb5-1.2.1-final
krb5-1.2.2-beta1
krb5-1.2.2-final
krb5-1.2.3-beta1
krb5-1.2.3-beta2
krb5-1.2.3-beta3
krb5-1.2.3-beta4
krb5-1.2.3-final
krb5-1.2.4-beta1
krb5-1.2.4-beta2
krb5-1.2.4-final
krb5-1.2.5-beta1
krb5-1.2.5-beta2
krb5-1.2.5-final
krb5-1.2.6-beta1
krb5-1.2.6-beta2
krb5-1.2.6-final
krb5-1.2.7-beta1
krb5-1.2.7-beta2
krb5-1.2.7-final
krb5-1.2.8-final
krb5-1.3-alpha1
krb5-1.3-alpha2
krb5-1.3-alpha3
krb5-1.3-beta1
krb5-1.3-beta2
krb5-1.3-beta3
krb5-1.3-beta4
krb5-1.3-beta5
krb5-1.3-final
krb5-1.3.1-beta1
krb5-1.3.1-final
krb5-1.3.1-kfw
krb5-1.3.2-beta1
krb5-1.3.2-beta2
krb5-1.3.2-beta3
krb5-1.3.2-beta4
krb5-1.3.2-beta5
krb5-1.3.2-final
krb5-1.3.3-beta1
krb5-1.3.3-beta2
krb5-1.3.3-final
krb5-1.3.4-beta1
krb5-1.3.4-final
krb5-1.3.5-beta1
krb5-1.3.5-final
krb5-1.3.6-final
krb5-1.4-beta1
krb5-1.4-beta2
krb5-1.4-beta3
krb5-1.4-beta4
krb5-1.4-beta5
krb5-1.4-final
krb5-1.4.1-beta1
krb5-1.4.1-final
krb5-1.4.2-beta1
krb5-1.4.2-final
krb5-1.4.3-beta1
krb5-1.4.3-beta2
krb5-1.4.3-final
krb5-1.4.4-beta1
krb5-1.4.4-final
krb5-1.5-alpha1
krb5-1.5-beta1
krb5-1.5-beta2
krb5-1.5-final
krb5-1.5.1-beta1
krb5-1.5.1-final
krb5-1.5.2-final
krb5-1.5.3-final
krb5-1.5.4-final
krb5-1.6-alpha1
krb5-1.6-beta1
krb5-1.6-beta2
krb5-1.6-final
krb5-1.6.1-beta1
krb5-1.6.1-final
krb5-1.6.2-final
krb5-1.6.3-beta1
krb5-1.6.3-beta2
krb5-1.6.3-final
krb5-1.6.4-beta1
krb5-1.7-alpha1
krb5-1.7-beta1
krb5-1.7-beta2
krb5-1.7-beta3
krb5-1.7-final
krb5-1.7.1-beta1
krb5-1.7.1-final
krb5-1.7.2-final
krb5-1.8-alpha1
krb5-1.8-beta1
krb5-1.8-beta2
krb5-1.8-final
krb5-1.8.1-beta1
krb5-1.8.1-beta2
krb5-1.8.1-final
krb5-1.8.2-beta1
krb5-1.8.2-final
krb5-1.8.3-beta1
krb5-1.8.3-final
krb5-1.8.4-final
krb5-1.8.5-beta1
krb5-1.8.5-final
krb5-1.8.6-final
krb5-1.9-beta1
krb5-1.9-beta2
krb5-1.9-beta3
krb5-1.9-final
krb5-1.9.1-beta1
krb5-1.9.1-final
krb5-1.9.2-beta1
krb5-1.9.2-final
krb5-1.9.3-final
krb5-1.9.4-final
krb5-1.9.5-final
Other
ms-bug-test-20060525

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-5729.json"
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "5-1.6"
            },
            {
                "fixed": "5-1.21.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "26"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "27"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    }
]
vanir_signatures
[
    {
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "75111337352398189721598009294308441505",
                "336958063836204927476289690788542691638",
                "120087076127768584086495051510240846203",
                "334893741469516411255274780463999380445"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1",
        "id": "CVE-2018-5729-10253d21",
        "target": {
            "file": "src/lib/kadm5/srv/svr_principal.c"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "function_hash": "211120422275595891342126583688331665321",
            "length": 16964.0
        },
        "source": "https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1",
        "id": "CVE-2018-5729-18578c69",
        "target": {
            "file": "src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c",
            "function": "krb5_ldap_put_principal"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "326058565137069495098940319200829364162",
                "31597852237694983539698081505007826967",
                "160641354086710381327501125745268035190",
                "299613844414308646218701632485234642946",
                "117221313208336232592334488995642422464",
                "108458747949923556049754148080979900508",
                "187110090378269903063862699572586019056",
                "222484068341340778357130514302121754202",
                "288591930033976887255844629288350021081",
                "86346674961012804615844276971126163308",
                "220667028627045818404251534448252592012",
                "105494505659290755888617580854215948536",
                "112600968483297221848576600275164726929",
                "13930920837612666657940515751581506804",
                "187964875996132765998013465807699671966",
                "54079241832758304666338893361250597169",
                "195832476258473845233169472413378217919",
                "91481431019675277163790282571982528566",
                "106356270551367843593939781999461511172",
                "196376047534901911220151329623340750013",
                "316535679230422766263526642004906960633",
                "167416946229790454119182116668299384918",
                "272502607591239377147665390268745654651",
                "34468822679603349342911005618143068512",
                "307397591991080417744704121984251592566",
                "201936030911882923308571295476005446762",
                "7620406347633417157429156055109178202",
                "91884226057018905065522792693734143492",
                "327548710538031912751057990649665717275",
                "61615111599628738855154878530075183642",
                "249562238218886193487204935367496464147",
                "227486761007117995411342921140906417301",
                "117236531258341529864494240346124992392",
                "12743398315979035491510585567965365959",
                "282935356386053384962349093621192437475",
                "94395669830553337409160377434812094021",
                "163531340918182357032945199762115398036",
                "75407180318704451699303769443305508093",
                "47981791486271131330930217371812311807",
                "24302025610066777540751352989555425213",
                "161603311430215845574263198389790787458",
                "52782127679438286320472527691536478240",
                "242231467410340112532404933334557781668",
                "196766540872299545217859069370695476770",
                "78538417860661143951668589539896516904",
                "11615575500189806612629371785162470098",
                "229371149006051468397776974187811811678",
                "166124692004026351661914811610548743576",
                "328772279878327418613225228407183016376",
                "333171212044154732321189302389863222331",
                "24148913399438739242625156167299467439",
                "172778515924890525027153601710687678755",
                "113275589606634581167301345789465884847",
                "319973085289599329428543664097595049973",
                "54845722450703358705143440800998335458",
                "285614249126381644002431301316916002321",
                "72541389364875135270197549144757252503",
                "63171983421821844004713211411385187533",
                "103943022312666616468944187079462199614",
                "68594980306929940245666997737602741565",
                "20247472026367935089741594659737379805",
                "138624575094585257843982795348275745587",
                "123112631681129865141747472810363340369",
                "195311976186946851393125577543572349860",
                "139074246385868219682765612412148974034",
                "53205641744594562615583039321824899347",
                "249983414507444467383023984336828138480",
                "301497781858382190441445359305483325679",
                "98281345617827930809087695362129421346",
                "169706574031586378537266273977081791862",
                "137672769316082463772982373276740952864",
                "107894361932976249672933757962959296304",
                "339901691616296679351499870827314521446",
                "321396455338754912776100837265003478946"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1",
        "id": "CVE-2018-5729-1c755c59",
        "target": {
            "file": "src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "function_hash": "10181940549393762099804094725073658979",
            "length": 4242.0
        },
        "source": "https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1",
        "id": "CVE-2018-5729-e9d63a64",
        "target": {
            "file": "src/lib/kadm5/srv/svr_principal.c",
            "function": "kadm5_create_principal_3"
        }
    }
]