6 matches found
CLSA-2023-1700161076 Fix CVE(s): CVE-2023-36054
SECURITY UPDATE: Remote authenticated user can trigger a kadmind crash - debian/patches/CVE-2023-36054.patch: ensure array count consistency in kadm5 RPC - CVE-2023-36054...
CLSA-2023-1700160468 Fix CVE(s): CVE-2023-36054
SECURITY UPDATE: Remote authenticated user can trigger a kadmind crash - debian/patches/CVE-2023-36054.patch: ensure array count consistency in kadm5 RPC - CVE-2023-36054...
samba: infinite loop in mdssvc RPC service for spotlight
An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function slunpackloop did not validate a field in the network packet that contains the count of elements in an array-like...
CVE-2023-36054
lib/kadm5/kadmrpcxdr.c in MIT Kerberos 5 aka krb5 before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because xdrkadm5principalentrec does not validate the relationship between nkeydata and the keydata array...
CVE-2023-36054
lib/kadm5/kadmrpcxdr.c in MIT Kerberos 5 aka krb5 before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because xdrkadm5principalentrec does not validate the relationship between nkeydata and the keydata array...
CVE-2023-36054
lib/kadm5/kadmrpcxdr.c in MIT Kerberos 5 aka krb5 before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because xdrkadm5principalentrec does not validate the relationship between nkeydata and the keydata array...