CVE-2019-14867
HIGH
FreeIPA 4.6.0-4.6.6, 4.7.0-4.7.3, 4.8.0-4.8.2 - Unauthenticated Denial of Service or Arbitrary Code Execution via Kerberos Key Parsing (ber_scanf)
Title source: llmDescription
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server that parse Kerberos key data. An unauthenticated attacker who could trigger parsing of a Kerberos principal key could cause the IPA server to crash or, under some conditions, execute arbitrary code on the host running the IPA server.
References (8)
Core References
Release Notes x_refsource_misc
https://www.freeipa.org/page/Releases/4.7.4
Release Notes x_refsource_misc
https://www.freeipa.org/page/Releases/4.8.3
Release Notes x_refsource_misc
https://www.freeipa.org/page/Releases/4.6.7
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14867
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLFL5XDCJ3WT6JCLCQVKHZBLHGW7PW4T/
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/67SEUWJAJ5RMH5K4Q6TS2I7HIMXUGNKF/
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0378
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHBA-2019:4268
Scores
CVSS v3
8.8
EPSS
0.0633
EPSS Percentile
92.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-400
CWE-94
Status
published
Products (5)
fedoraproject/fedora
30
fedoraproject/fedora
31
freeipa/freeipa
4.6.0 - 4.6.7
pypi/freeipa
4.6.2 - 4.6.7 (PyPI)
pypi/ipa
4.6.2 - 4.6.7 (PyPI)
Published
Nov 27, 2019
Tracked Since
Feb 18, 2026