CVE-2023-36054
krb5: Denial of service through freeing uninitialized pointer
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.
A vulnerability was found in the _xdr_kadm5_principal_ent_rec() function in lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (krb5). This issue occurs due to lack of validation in the relationship between n_key_data and the key_data array count, leading to the freeing of uninitialized pointers. This may allow a remote authenticated attacker to send a specially crafted request that causes the kadmind process to crash, resulting in a denial of service (DoS).
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2023-06-21 CVE Reserved
- 2023-08-07 CVE Published
- 2024-10-11 CVE Updated
- 2024-11-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-824: Access of Uninitialized Pointer
CAPEC
References (8)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2023/10/msg00031.html | Mailing List | |
https://security.netapp.com/advisory/ntap-20230908-0004 | Third Party Advisory | |
https://web.mit.edu/kerberos/www/advisories | Product |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2023-36054 | 2023-11-07 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2230178 | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mit Search vendor "Mit" | Kerberos 5 Search vendor "Mit" for product "Kerberos 5" | < 1.20.2 Search vendor "Mit" for product "Kerberos 5" and version " < 1.20.2" | - |
Affected
| ||||||
Mit Search vendor "Mit" | Kerberos 5 Search vendor "Mit" for product "Kerberos 5" | 1.21 Search vendor "Mit" for product "Kerberos 5" and version "1.21" | - |
Affected
| ||||||
Mit Search vendor "Mit" | Kerberos 5 Search vendor "Mit" for product "Kerberos 5" | 1.21 Search vendor "Mit" for product "Kerberos 5" and version "1.21" | beta1 |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager" | - | vmware_vsphere |
Affected
| ||||||
Netapp Search vendor "Netapp" | Clustered Data Ontap Search vendor "Netapp" for product "Clustered Data Ontap" | 9.0 Search vendor "Netapp" for product "Clustered Data Ontap" and version "9.0" | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Hci Search vendor "Netapp" for product "Hci" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Management Services For Element Software Search vendor "Netapp" for product "Management Services For Element Software" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Ontap Tools Search vendor "Netapp" for product "Ontap Tools" | - | vmware_vsphere |
Affected
|