Veracode Vulnerability Database: VERACODE:42713
Aug 11, 2023 - 4:04 a.m.

Denial Of Service (DoS)

2023-08-11 04:04:24
sca.analysiscenter.veracode.com
Tags: denial of service, vulnerability, memory leakage, kadmin client

CVSS3: 6.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.003 Low
Percentile: 67.8%

libkrb5.so is vulnerable to Denial of Service (DoS). The vulnerability exists in the _xdr_kadm5_principal_ent_rec function of kadm_rpc_xdr.c: when decoding, the function does not validate the relationship between n_key_data and the key_data array count. This can leak some memory or free uninitialized pointers, allowing an attacker with control of a kadmin server to crash the kadmin client.
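
Added example, not taken from the Veracode entry or from the krb5 source: a simplified C model of the missing consistency check between a transmitted count field and the decoded array length. The struct layout, wire format, the decode_principal function and the sample messages are constructed for illustration; only the names n_key_data and key_data come from the description above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Simplified model of a decoded principal record (hypothetical layout). */
struct key_data { uint32_t kvno; void *contents; };
struct principal_rec {
    int16_t n_key_data;         /* count field sent on the wire */
    uint32_t array_len;         /* elements actually decoded */
    struct key_data *key_data;
};

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

/* Constructed wire format: n_key_data (4 bytes), array count (4 bytes),
 * then one 4-byte kvno per element. Returns 1 on success, 0 on reject.
 * validate=0 models the unchecked decoder, validate=1 the hardened one. */
int decode_principal(const uint8_t *buf, size_t len,
                     struct principal_rec *out, int validate)
{
    if (len < 8) return 0;
    out->n_key_data = (int16_t)be32(buf);
    uint32_t n = be32(buf + 4);
    if (n > (len - 8) / 4) return 0;        /* bound by remaining input */
    out->key_data = calloc(n ? n : 1, sizeof *out->key_data);
    if (!out->key_data) return 0;
    for (uint32_t i = 0; i < n; i++)
        out->key_data[i].kvno = be32(buf + 8 + 4 * i);
    out->array_len = n;
    /* The consistency check: cleanup code that walks n_key_data entries
     * is only safe when that count equals the decoded array length. */
    if (validate && (out->n_key_data < 0 || (uint32_t)out->n_key_data != n)) {
        free(out->key_data);
        out->key_data = NULL;
        out->array_len = 0;
        return 0;
    }
    return 1;
}

/* Constructed messages: counts agree (2 and 2), then disagree (5 and 1). */
const uint8_t MSG_OK[]  = {0,0,0,2, 0,0,0,2, 0,0,0,1, 0,0,0,2};
const uint8_t MSG_BAD[] = {0,0,0,5, 0,0,0,1, 0,0,0,1};
```

With validate set to 0 the second message decodes into a record whose n_key_data is 5 while only one element was allocated, which is the inconsistent state the description refers to.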

CPE | Name | Operator | Version
 | libkrb5.so | le | 3.3