CVE-2023-36054

krb5: Denial of service through freeing uninitialized pointer

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

NVD
RedHat

lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.

A vulnerability was found in the _xdr_kadm5_principal_ent_rec() function in lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (krb5). This issue occurs due to lack of validation in the relationship between n_key_data and the key_data array count, leading to the freeing of uninitialized pointers. This may allow a remote authenticated attacker to send a specially crafted request that causes the kadmind process to crash, resulting in a denial of service (DoS).

*Credits: N/A

CVSS Scores

NISTv3.1 6.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-06-21 CVE Reserved
2023-08-07 CVE Published
2024-08-13 EPSS Updated
2024-10-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-824: Access of Uninitialized Pointer

CAPEC

References (8)

URL	Tag	Source
https://lists.debian.org/debian-lts-announce/2023/10/msg00031.html	Mailing List
https://security.netapp.com/advisory/ntap-20230908-0004	Third Party Advisory
https://web.mit.edu/kerberos/www/advisories	Product

URL	Date	SRC

URL	Date	SRC
https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd	2023-11-15
https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final	2023-11-15
https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final	2023-11-15

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2023-36054	2023-11-07
https://bugzilla.redhat.com/show_bug.cgi?id=2230178	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mit Search vendor "Mit"		Kerberos 5 Search vendor "Mit" for product "Kerberos 5"				< 1.20.2 Search vendor "Mit" for product "Kerberos 5" and version " < 1.20.2"		-		Affected
Mit Search vendor "Mit"		Kerberos 5 Search vendor "Mit" for product "Kerberos 5"				1.21 Search vendor "Mit" for product "Kerberos 5" and version "1.21"		-		Affected
Mit Search vendor "Mit"		Kerberos 5 Search vendor "Mit" for product "Kerberos 5"				1.21 Search vendor "Mit" for product "Kerberos 5" and version "1.21"		beta1		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected
Netapp Search vendor "Netapp"		Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager"				-		vmware_vsphere		Affected
Netapp Search vendor "Netapp"		Clustered Data Ontap Search vendor "Netapp" for product "Clustered Data Ontap"				9.0 Search vendor "Netapp" for product "Clustered Data Ontap" and version "9.0"		-		Affected
Netapp Search vendor "Netapp"		Hci Search vendor "Netapp" for product "Hci"				-		-		Affected
Netapp Search vendor "Netapp"		Management Services For Element Software Search vendor "Netapp" for product "Management Services For Element Software"				-		-		Affected
Netapp Search vendor "Netapp"		Ontap Tools Search vendor "Netapp" for product "Ontap Tools"				-		vmware_vsphere		Affected