CVE-2022-39028

HIGH
Published Aug 30, 2022 (3y ago) · Modified Jun 17, 2026 (2w ago)
CVSS 3.1 base score: 7.5 (High)

Description

telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.

CVSS Details

Base Score
7.5
Exploitability
3.9
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses (1)

CWE-476: NULL Pointer Dereference (category: Memory Safety)

Affected Products (4)

Vendor                 Product        Version   Range
gnu                    inetutils      *         ≤ 2.3
mit                    kerberos_5     *         ≤ 1.0.3
debian                 debian_linux   10.0      any
netkit-telnet_project  netkit-telnet  *         ≤ 0.17

References (4)

  • git.hadrons.org https://git.hadrons.org/cgit/debian/pkgs/inetutils.git/commit/?id=113da8021710d871c7dd72d2a4d5615d42d64289
    Tags: Mailing List, Patch, Vendor Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2022/11/msg00033.html
    Tags: Mailing List, Third Party Advisory
  • lists.gnu.org https://lists.gnu.org/archive/html/bug-inetutils/2022-08/msg00002.html
    Tags: Mailing List, Vendor Advisory
  • pierrekim.github.io https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html
    Tags: Exploit, Patch, Third Party Advisory

Remediation

  • git.hadrons.org https://git.hadrons.org/cgit/debian/pkgs/inetutils.git/commit/?id=113da8021710d871c7dd72d2a4d5615d42d64289
    Tags: Mailing List, Patch, Vendor Advisory
  • pierrekim.github.io https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html
    Tags: Exploit, Patch, Third Party Advisory