CVE-2023-36054
krb5: Denial of service through freeing uninitialized pointer
Public Exploits: 0
Exploited in Wild: -
Descriptions
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.
A vulnerability was found in the _xdr_kadm5_principal_ent_rec() function in lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (krb5). This issue occurs due to lack of validation in the relationship between n_key_data and the key_data array count, leading to the freeing of uninitialized pointers. This may allow a remote authenticated attacker to send a specially crafted request that causes the kadmind process to crash, resulting in a denial of service (DoS).
USN-6467-1 fixed a vulnerability in Kerberos. This update provides the corresponding update for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.04. Robert Morris discovered that Kerberos did not properly handle memory access when processing RPC data through kadmind, which could lead to the freeing of uninitialized memory. An authenticated remote attacker could possibly use this issue to cause kadmind to crash, resulting in a denial of service.
SSVC
- Decision: Track
Timeline
- 2023-06-21 CVE Reserved
- 2023-08-07 CVE Published
- 2024-10-11 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-824: Access of Uninitialized Pointer
References (8)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2023/10/msg00031.html | Mailing List | |
https://security.netapp.com/advisory/ntap-20230908-0004 | Third Party Advisory | |
https://web.mit.edu/kerberos/www/advisories | Product | |

URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2023-36054 | 2023-11-07 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2230178 | 2023-11-07 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Mit | Kerberos 5 | < 1.20.2 | - | Affected |
Mit | Kerberos 5 | 1.21 | - | Affected |
Mit | Kerberos 5 | 1.21 | beta1 | Affected |
Debian | Debian Linux | 10.0 | - | Affected |
Netapp | Active Iq Unified Manager | - | vmware_vsphere | Affected |
Netapp | Clustered Data Ontap | 9.0 | - | Affected |
Netapp | Hci | - | - | Affected |
Netapp | Management Services For Element Software | - | - | Affected |
Netapp | Ontap Tools | - | vmware_vsphere | Affected |