Home > Vulnerability Database > CVE-2019-14867

Mend.io Vulnerability Database

CVE-2019-14867

Good to know:

Date: November 27, 2019

A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or in some conditions, cause arbitrary code to be executed on the server hosting the IPA server.

Language: Python

Severity Score

8.8

Related Resources (18)

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-14867

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLFL5XDCJ3WT6JCLCQVKHZBLHGW7PW4T/

Url: https://access.redhat.com/security/cve/CVE-2019-14867

Url: https://github.com/pypa/advisory-db/tree/main/vulns/ipa/PYSEC-2019-28.yaml

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/67SEUWJAJ5RMH5K4Q6TS2I7HIMXUGNKF/

Url: https://github.com/advisories/GHSA-7hpj-hfcr-5qwm

Url: https://www.freeipa.org/page/Releases/4.7.4

Url: https://www.freeipa.org/page/Releases/4.8.3

Url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14867

Url: https://access.redhat.com/errata/RHSA-2020:0378

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/67SEUWJAJ5RMH5K4Q6TS2I7HIMXUGNKF/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLFL5XDCJ3WT6JCLCQVKHZBLHGW7PW4T/

Url: https://github.com/pypa/advisory-database/tree/main/vulns/ipa/PYSEC-2019-28.yaml

Url: https://www.freeipa.org/page/Releases/4.6.7

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLFL5XDCJ3WT6JCLCQVKHZBLHGW7PW4T

Url: https://access.redhat.com/errata/RHBA-2019:4268

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/67SEUWJAJ5RMH5K4Q6TS2I7HIMXUGNKF

Url: https://www.mend.io/vulnerability-database/CVE-2019-14867

Severity Score

8.8

Weakness Type (CWE)

Code Injection

CWE-94

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

Top Fix

Upgrade Version

Upgrade to version ipa - 4.6.7,4.7.4,4.8.3

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-14867

Good to know:

Date: November 27, 2019

Language: Python

Severity Score

Related Resources (18)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?