{"id":"CVE-2018-5709","details":"An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry-\u003en_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.","modified":"2026-03-14T09:29:59.032415Z","published":"2018-01-16T09:29:00.500Z","references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"},{"type":"ADVISORY","url":"https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/krb5/krb5","events":[{"introduced":"0"},{"last_affected":"ae432f4b3b58c29bd6799e158c83ff4ee1d3ddb0"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.16."}]}}],"versions":["krb5-1.16-beta1","krb5-1.16-beta2","krb5-1.16-final"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-5709.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"5-1.16"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}