Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-36054HistoryAug 07, 2023 - 7:15 p.m.
CVE-2023-36054
2023-08-0719:15:09
Debian Security Bug Tracker
security-tracker.debian.org
110
mit kerberos 5
krb5
1.20.2
1.21.1
kadmind
uninitialized pointer
remote authenticated user
kadmind crash
unvalidated relationship
n_key_data
key_data array count
0.003 Low
EPSS
Percentile
67.5%
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | krb5 | < 1.20.1-2+deb12u1 | krb5_1.20.1-2+deb12u1_all.deb |
| Debian | 11 | all | krb5 | < 1.18.3-6+deb11u4 | krb5_1.18.3-6+deb11u4_all.deb |
| Debian | 10 | all | krb5 | < 1.17-3+deb10u6 | krb5_1.17-3+deb10u6_all.deb |
| Debian | 999 | all | krb5 | < 1.20.1-3 | krb5_1.20.1-3_all.deb |
| Debian | 13 | all | krb5 | < 1.20.1-3 | krb5_1.20.1-3_all.deb |
Related
nessus
nessus
SUSE SLES12 Security Update : krb5 (SUSE-SU-2023:3398-1)
2023-08-24 00:00:00
Debian DLA-3626-1 : krb5 - LTS security update
2023-10-23 00:00:00
SUSE SLES15 Security Update : krb5 (SUSE-SU-2023:3365-1)
2023-08-19 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2023-3131)
2023-11-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:3434-1)
2023-08-25 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:3398-1)
2023-08-24 00:00:00
debian
debian
[SECURITY] [DLA 3626-1] krb5 security update
2023-10-22 20:50:42
redhatcve
redhatcve
CVE-2023-36054
2023-08-22 17:50:19
osv
osv
CVE-2023-36054
2023-08-07 19:15:09
krb5 vulnerability
2023-11-06 09:36:15
krb5 vulnerability
2023-11-01 11:26:31
veracode
veracode
Denial Of Service (DoS)
2023-08-11 04:04:24
ubuntu
ubuntu
Kerberos vulnerability
2023-11-01 00:00:00
Kerberos vulnerability
2023-11-06 00:00:00
amazon
amazon
Medium: krb5
2023-08-30 17:56:00
Medium: krb5
2023-08-31 22:28:00
cbl_mariner
cbl_mariner
CVE-2023-36054 affecting package krb5 for versions less than 1.19.4-2
2023-08-30 14:44:06
cve
cve
CVE-2023-36054
2023-08-07 19:15:09
prion
prion
Design/Logic Flaw
2023-08-07 19:15:00
cloudfoundry
cloudfoundry
USN-6467-2: Kerberos vulnerability | Cloud Foundry
2023-11-09 00:00:00
ibm
ibm
cvelist
cvelist
CVE-2023-36054
2023-08-07 00:00:00
redos
redos
ROS-20240405-04
2024-04-05 00:00:00
ubuntucve
ubuntucve
CVE-2023-36054
2023-08-07 00:00:00
slackware
slackware
[slackware-security] krb5
2023-07-12 20:49:22
almalinux
almalinux
Moderate: krb5 security and bug fix update
2023-11-07 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2023-3.0-0624
2023-08-01 00:00:00
Moderate Photon OS Security Update - PHSA-2023-5.0-0062
2023-08-01 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0442
2023-08-01 00:00:00
redhat
redhat
(RHSA-2023:6699) Moderate: krb5 security and bug fix update
2023-11-07 06:12:13
oraclelinux
oraclelinux
krb5 security and bug fix update
2023-11-11 00:00:00
gentoo
gentoo
MIT krb5: Multiple Vulnerabilities
2024-05-05 00:00:00
hp
hp
HP ThinPro 8.1 SP 2 Security Updates
2024-04-12 00:00:00
HP ThinPro 8.0 SP 8 Security Updates
2024-03-01 00:00:00
ics
ics
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00