Remote Code Execution Vulnerability in MIT Kerberos 5 Key Distribution Center
CVE-2021-36222

7.5HIGH

Key Information:

Vendor

Mit

Status
Kerberos 5
Vendor
CVE Published:
22 July 2021

What is CVE-2021-36222?

A vulnerability in the Key Distribution Center (KDC) of MIT Kerberos 5 versions prior to 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to exploit improper return value handling in the ec_verify function, resulting in a NULL pointer dereference and causing the daemon to crash. This security flaw poses a risk to systems that depend on these versions, leading to potential service interruptions.

References

https://web.mit.edu/kerberos/advisories/
x_refsource_MISC
https://github.com/krb5/krb5/releases
x_refsource_MISC
https://www.debian.org/security/2021/dsa-4944
vendor-advisoryx_refsource_DEBIAN

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.