Unrated severityNVD Advisory· Published Aug 7, 2023· Updated Oct 11, 2024
CVE-2023-36054
CVE-2023-36054
Description
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.
Affected products
38- MIT/Kerberos 5description
- osv-coords37 versionspkg:rpm/almalinux/krb5-develpkg:rpm/almalinux/krb5-libspkg:rpm/almalinux/krb5-pkinitpkg:rpm/almalinux/krb5-serverpkg:rpm/almalinux/krb5-server-ldappkg:rpm/almalinux/krb5-workstationpkg:rpm/almalinux/libkadm5pkg:rpm/opensuse/krb5&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/krb5&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/krb5&distro=openSUSE%20Leap%20Micro%205.3pkg:rpm/opensuse/krb5&distro=openSUSE%20Leap%20Micro%205.4pkg:rpm/opensuse/krb5&distro=openSUSE%20Tumbleweedpkg:rpm/suse/krb5&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP4pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP5pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/krb5&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/krb5&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/krb5&distro=SUSE%20Manager%20Server%204.2
< 1.21.1-1.el9+ 36 more
- (no CPE)range: < 1.21.1-1.el9
- (no CPE)range: < 1.21.1-1.el9
- (no CPE)range: < 1.21.1-1.el9
- (no CPE)range: < 1.21.1-1.el9
- (no CPE)range: < 1.21.1-1.el9
- (no CPE)range: < 1.21.1-1.el9
- (no CPE)range: < 1.21.1-1.el9
- (no CPE)range: < 1.19.2-150400.3.6.1
- (no CPE)range: < 1.20.1-150500.3.3.1
- (no CPE)range: < 1.19.2-150400.3.6.1
- (no CPE)range: < 1.19.2-150400.3.6.1
- (no CPE)range: < 1.21.1-1.1
- (no CPE)range: < 1.19.2-150300.13.1
- (no CPE)range: < 1.16.3-150100.3.30.1
- (no CPE)range: < 1.16.3-150100.3.30.1
- (no CPE)range: < 1.19.2-150300.13.1
- (no CPE)range: < 1.19.2-150300.13.1
- (no CPE)range: < 1.19.2-150300.13.1
- (no CPE)range: < 1.19.2-150300.13.1
- (no CPE)range: < 1.19.2-150400.3.6.1
- (no CPE)range: < 1.19.2-150400.3.6.1
- (no CPE)range: < 1.19.2-150400.3.6.1
- (no CPE)range: < 1.20.1-150500.3.3.1
- (no CPE)range: < 1.19.2-150400.3.6.1
- (no CPE)range: < 1.20.1-150500.3.3.1
- (no CPE)range: < 1.12.5-40.52.1
- (no CPE)range: < 1.12.5-40.52.1
- (no CPE)range: < 1.16.3-150100.3.30.1
- (no CPE)range: < 1.16.3-150100.3.30.1
- (no CPE)range: < 1.19.2-150300.13.1
- (no CPE)range: < 1.12.5-40.52.1
- (no CPE)range: < 1.16.3-150100.3.30.1
- (no CPE)range: < 1.16.3-150100.3.30.1
- (no CPE)range: < 1.19.2-150300.13.1
- (no CPE)range: < 1.12.5-40.52.1
- (no CPE)range: < 1.19.2-150300.13.1
- (no CPE)range: < 1.19.2-150300.13.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- lists.debian.org/debian-lts-announce/2023/10/msg00031.htmlmitremailing-list
- github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cddmitre
- github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-finalmitre
- github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-finalmitre
- security.netapp.com/advisory/ntap-20230908-0004/mitre
- web.mit.edu/kerberos/www/advisories/mitre
News mentions
0No linked articles in our index yet.