Vulnerability CVE-2023-36054: Information
Description
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
krb5 | sisyphus | 1.21.1-alt1 | 1.21.2-alt2 | ALT-PU-2023-4333-1 | 324679 | Fixed |
krb5 | sisyphus_e2k | 1.21.1-alt1 | 1.21.2-alt2 | ALT-PU-2023-4354-1 | - | Fixed |
krb5 | sisyphus_riscv64 | 1.21.1-alt1 | 1.21.2-alt2 | ALT-PU-2023-4374-1 | - | Fixed |
krb5 | p10 | 1.19.4-alt2 | 1.19.4-alt3 | ALT-PU-2023-4586-3 | 325690 | Fixed |
krb5 | p10_e2k | 1.19.4-alt2 | 1.19.4-alt3 | ALT-PU-2023-4798-1 | - | Fixed |
krb5 | p9 | 1.17.2-alt5 | 1.17.2-alt5 | ALT-PU-2023-4585-3 | 325691 | Fixed |
krb5 | p9_e2k | 1.17.2-alt5 | 1.17.2-alt5 | ALT-PU-2023-5378-1 | - | Fixed |
krb5 | c10f1 | 1.19.4-alt3 | 1.19.4-alt3 | ALT-PU-2024-6715-3 | 345241 | Fixed |
krb5 | c9f2 | 1.17.2-alt5 | 1.17.2-alt5 | ALT-PU-2024-2315-2 | 340650 | Fixed |