9 matches found
SUSE CVE-2026-11850
An integer underflow vulnerability was found in MIT krb5 in the berval2tldata function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c. The function performs an unsigned subtraction bvlen - 2 without a prior bounds check. When bvlen is 0 or 1, the subtraction wraps to a large value which is then...
UBUNTU-CVE-2026-11850
An integer underflow vulnerability was found in MIT krb5 in the berval2tldata function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c. The function performs an unsigned subtraction bvlen - 2 without a prior bounds check. When bvlen is 0 or 1, the subtraction wraps to a large value which is then...
CVE-2026-11850 Krb5: krb5: integer underflow in berval2tl_data() leads to heap out-of-bounds read
An integer underflow vulnerability was found in MIT krb5 in the berval2tldata function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c. The function performs an unsigned subtraction bvlen - 2 without a prior bounds check. When bvlen is 0 or 1, the subtraction wraps to a large value which is then...
CVE-2026-11850
An integer underflow vulnerability was found in MIT krb5 in the berval2tldata function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c. The function performs an unsigned subtraction bvlen - 2 without a prior bounds check. When bvlen is 0 or 1, the subtraction wraps to a large value which is then...
CVE-2026-11850 Krb5: krb5: integer underflow in berval2tl_data() leads to heap out-of-bounds read
An integer underflow vulnerability was found in MIT krb5 in the berval2tldata function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c. The function performs an unsigned subtraction bvlen - 2 without a prior bounds check. When bvlen is 0 or 1, the subtraction wraps to a large value which is then...
CVE-2026-11850
CVE-2026-11850 affects MIT Kerberos 5; the vulnerability is an integer underflow in berval2tl_data() inside ldap_principal2.c, where unsigned bv_len - 2 lacks bounds checking. When bv_len is 0 or 1, the subtraction underflows to 0xFFFE/0xFFFF and is then memcpy’d from a 0–1 byte buffer, causing a...
CVE-2026-11850
An integer underflow vulnerability was found in MIT krb5 in the berval2tldata function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c. The function performs an unsigned subtraction bvlen - 2 without a prior bounds check. When bvlen is 0 or 1, the subtraction wraps to a large value which is then...
PT-2026-48636
An integer underflow vulnerability was found in MIT krb5 in the berval2tl data function in plugins/kdb/ldap/libkdb ldap/ldap principal2.c. The function performs an unsigned subtraction bv len - 2 without a prior bounds check. When bv len is 0 or 1, the subtraction wraps to a large value which is...
CVE-2023-36054
lib/kadm5/kadmrpcxdr.c in MIT Kerberos 5 aka krb5 before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because xdrkadm5principalentrec does not validate the relationship between nkeydata and the keydata array...