Lucene search
PRIOn knowledge basePRION:CVE-2023-36054HistoryAug 07, 2023 - 7:15 p.m.
Design/Logic Flaw
2023-08-0719:15:00
PRIOn knowledge base
www.prio-n.com
13
mit kerberos 5
kadm_rpc_xdr.c
design flaw
logic flaw
remote user
authenticated
crash
kadmind
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.
| CPE | Name | Operator | Version |
|---|---|---|---|
| debian_linux | eq | 10.0 | |
| kerberos_5 | eq | 1.21 beta1 | |
| kerberos_5 | eq | 1.21 | |
| kerberos_5 | lt | 1.20.2 | |
| clustered_data_ontap | eq | 9.0 |
References
github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd
github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final
github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final
lists.debian.org/debian-lts-announce/2023/10/msg00031.html
security.netapp.com/advisory/ntap-20230908-0004/
web.mit.edu/kerberos/www/advisories/
Related
openvas
openvas
Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2023-2899)
2023-10-09 00:00:00
Debian: Security Advisory (DLA-3626-1)
2023-10-23 00:00:00
Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2023-3034)
2023-10-31 00:00:00
nessus
nessus
CBL Mariner 2.0 Security Update: krb5 (CVE-2023-36054)
2023-08-31 00:00:00
EulerOS Virtualization 2.9.0 : krb5 (EulerOS-SA-2023-3100)
2024-01-16 00:00:00
EulerOS 2.0 SP5 : krb5 (EulerOS-SA-2024-1145)
2024-02-08 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-36054 affecting package krb5 for versions less than 1.19.4-2
2023-08-30 14:44:06
osv
osv
krb5 vulnerability
2023-11-01 11:26:31
krb5 vulnerability
2023-11-06 09:36:15
CVE-2023-36054
2023-08-07 19:15:09
cloudfoundry
cloudfoundry
USN-6467-2: Kerberos vulnerability | Cloud Foundry
2023-11-09 00:00:00
cve
cve
CVE-2023-36054
2023-08-07 19:15:09
redhatcve
redhatcve
CVE-2023-36054
2023-08-22 17:50:19
amazon
amazon
Medium: krb5
2023-08-30 17:56:00
Medium: krb5
2023-08-31 22:28:00
ubuntu
ubuntu
Kerberos vulnerability
2023-11-01 00:00:00
Kerberos vulnerability
2023-11-06 00:00:00
veracode
veracode
Denial Of Service (DoS)
2023-08-11 04:04:24
redos
redos
ROS-20240405-04
2024-04-05 00:00:00
cvelist
cvelist
CVE-2023-36054
2023-08-07 00:00:00
ibm
ibm
debiancve
debiancve
CVE-2023-36054
2023-08-07 19:15:09
debian
debian
[SECURITY] [DLA 3626-1] krb5 security update
2023-10-22 20:50:22
nvd
nvd
CVE-2023-36054
2023-08-07 19:15:09
ubuntucve
ubuntucve
CVE-2023-36054
2023-08-07 00:00:00
slackware
slackware
[slackware-security] krb5
2023-07-12 20:49:22
redhat
redhat
(RHSA-2023:6699) Moderate: krb5 security and bug fix update
2023-11-07 06:12:13
photon
photon
Moderate Photon OS Security Update - PHSA-2023-3.0-0624
2023-08-01 00:00:00
Moderate Photon OS Security Update - PHSA-2023-5.0-0062
2023-08-01 00:00:00
Critical Photon OS Security Update - PHSA-2021-4.0-0102
2021-09-17 00:00:00
almalinux
almalinux
Moderate: krb5 security and bug fix update
2023-11-07 00:00:00
oraclelinux
oraclelinux
krb5 security and bug fix update
2023-11-11 00:00:00
gentoo
gentoo
MIT krb5: Multiple Vulnerabilities
2024-05-05 00:00:00
hp
hp
HP ThinPro 8.1 SP 2 Security Updates
2024-04-12 00:00:00
HP ThinPro 8.0 SP 8 Security Updates
2024-03-01 00:00:00
ics
ics
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00