Function Call with Incorrectly Specified Arguments

CVE-2019-14844

High

7.5/10

Summary

A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-628 - Function Call with Incorrectly Specified Arguments

The product calls a function, procedure, or routine with arguments that are not correctly specified, leading to always-incorrect behavior and resultant weaknesses.

References

Advisory Timeline

Published Sep 26, 2019

Function Call with Incorrectly Specified Arguments

CVE-2019-14844

Summary

CWE-628 - Function Call with Incorrectly Specified Arguments

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS