Vulnerability Details CVE-2017-9732
The read_packet function in knc (Kerberised NetCat) before 1.11-1 is vulnerable to denial of service (memory exhaustion) that can be exploited remotely without authentication, possibly affecting another services running on the targeted host.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.048
EPSS Ranking 89.0%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://packetstormsecurity.com/files/150534/knc-Kerberized-NetCat-Denial-Of-Service.html
- http://seclists.org/fulldisclosure/2018/Nov/65
- https://github.com/elric1/knc/commit/f237f3e09ecbaf59c897f5046538a7b1a3fa40c1
- https://github.com/irsl/knc-memory-exhaustion/
- http://packetstormsecurity.com/files/150534/knc-Kerberized-NetCat-Denial-Of-Service.html
- http://seclists.org/fulldisclosure/2018/Nov/65
- https://github.com/elric1/knc/commit/f237f3e09ecbaf59c897f5046538a7b1a3fa40c1
- https://github.com/irsl/knc-memory-exhaustion/
Products affected by CVE-2017-9732
-
cpe:2.3:a:secure-endpoints:kerberised_netcat:1.6
-
cpe:2.3:a:secure-endpoints:kerberised_netcat:1.6.1
-
cpe:2.3:a:secure-endpoints:kerberised_netcat:1.7
-
cpe:2.3:a:secure-endpoints:kerberised_netcat:1.7.1