Remote Code Execution Vulnerability in MIT Kerberos 5 by MIT
CVE-2023-36054

6.5MEDIUM

Key Information:

Vendor: Mit
Status: Kerberos 5
Vendor: CVE Published:; 7 August 2023

What is CVE-2023-36054?

A vulnerability exists in MIT Kerberos 5 prior to versions 1.20.2 and 1.21.1 that allows a remote authenticated user to cause a crash of the kadmind service. This issue arises from the lack of validation between the number of key data elements and the provided key_data array count in the _xdr_kadm5_principal_ent_rec function, which can lead to freeing an uninitialized pointer. Timely updates are recommended to mitigate potential risks.

References

https://web.mit.edu/kerberos/www/advisories/

https://github.com/krb5/krb5/compare/krb5-1.21-final...kr...

https://github.com/krb5/krb5/compare/krb5-1.20.1-final......

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 7, 2023
Vulnerability Reserved
Jun 21, 2023

CVE-2023-36054 Data

JSON

Mit

What is CVE-2023-36054?

References

CVSS V3.1

Timeline