CVE-2017-9732 Information

Description

The read_packet function in knc (Kerberised NetCat) before 1.11-1 is vulnerable to denial of service (memory exhaustion) that can be exploited remotely without authentication possibly affecting another services running on the targeted host.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

http://packetstormsecurity.com/files/150534/knc-Kerberized-NetCat-Denial-Of-Service.html http://seclists.org/fulldisclosure/2018/Nov/65 https://github.com/elric1/knc/commit/f237f3e09ecbaf59c897f5046538a7b1a3fa40c1 https://github.com/irsl/knc-memory-exhaustion/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5