[Debian] High CVE: CVE-2023-36054 krb5: a remote authenticated user can trigger a kadmind crash

Bug #2038795 reported by Yue Tao
Affects: StarlingX
Status: Triaged
Importance: High
Assigned to: Unassigned
Milestone: (none)

Bug Description

CVE-2023-36054: https://nvd.nist.gov/vuln/detail/CVE-2023-36054

lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.

Base Score: High

Reference:

krb5-multidev_1.18.3-6+deb11u3_amd64.deb ===> krb5-multidev_1.18.3-6+deb11u4_amd64.deb
libgssapi-krb5-2_1.18.3-6+deb11u3_amd64.deb ===> libgssapi-krb5-2_1.18.3-6+deb11u4_amd64.deb
libgssrpc4_1.18.3-6+deb11u3_amd64.deb ===> libgssrpc4_1.18.3-6+deb11u4_amd64.deb
libk5crypto3_1.18.3-6+deb11u3_amd64.deb ===> libk5crypto3_1.18.3-6+deb11u4_amd64.deb
libkadm5clnt-mit12_1.18.3-6+deb11u3_amd64.deb ===> libkadm5clnt-mit12_1.18.3-6+deb11u4_amd64.deb
libkadm5srv-mit12_1.18.3-6+deb11u3_amd64.deb ===> libkadm5srv-mit12_1.18.3-6+deb11u4_amd64.deb
libkrb5-3_1.18.3-6+deb11u3_amd64.deb ===> libkrb5-3_1.18.3-6+deb11u4_amd64.deb
libkrb5-dev_1.18.3-6+deb11u3_amd64.deb ===> libkrb5-dev_1.18.3-6+deb11u4_amd64.deb
libkrb5support0_1.18.3-6+deb11u3_amd64.deb ===> libkrb5support0_1.18.3-6+deb11u4_amd64.deb
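
The count-consistency check that the CVE text says was missing, shown as an added example that is not part of the original report and is not krb5 source: a simplified C decoder that rejects a record whose declared key count disagrees with its array count, and keeps cleanup safe on every reject path. The record layout, wire format, function names and the 64-key limit are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical simplified record: a declared key count plus a separately
 * counted array of 4-byte key blobs. Illustrative model, not krb5 source. */
typedef struct { int16_t n_key_data; uint8_t **key_data; } principal_rec_t;

/* Constructed wire samples: u32 n_key_data, u32 array count, then elements. */
const uint8_t sample_ok[]  = {0,0,0,2, 0,0,0,2, 0xaa,0xbb,0xcc,0xdd, 1,2,3,4};
const uint8_t sample_bad[] = {0,0,0,3, 0,0,0,1, 0xaa,0xbb,0xcc,0xdd};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Cleanup walks n_key_data entries, so that count must match the array. */
void free_principal(principal_rec_t *r)
{
    for (int i = 0; r->key_data != NULL && i < r->n_key_data; i++)
        free(r->key_data[i]);
    free(r->key_data);
    r->key_data = NULL;
    r->n_key_data = 0;
}

/* Returns 1 on success, 0 on reject; *r is always safe to free afterwards. */
int decode_principal(const uint8_t *buf, size_t len, principal_rec_t *r)
{
    r->n_key_data = 0;
    r->key_data = NULL;
    if (len < 8) return 0;                       /* both counts must be present */
    const uint8_t *p = buf + 8, *end = buf + len;
    uint32_t declared = be32(buf), count = be32(buf + 4);
    if (declared != count || count > 64) return 0;   /* counts must agree */
    if (count == 0) return 1;
    if ((r->key_data = calloc(count, sizeof(*r->key_data))) == NULL) return 0;
    r->n_key_data = (int16_t)count;              /* unread slots stay NULL */
    for (uint32_t i = 0; i < count; i++, p += 4) {
        if (end - p < 4 || (r->key_data[i] = malloc(4)) == NULL) {
            free_principal(r);                   /* free(NULL) is a no-op */
            return 0;
        }
        memcpy(r->key_data[i], p, 4);
    }
    return 1;
}
```

Zero-initialising the array with calloc is what keeps the early-exit path safe: any slot the loop never reached holds NULL rather than an uninitialized pointer when free_principal runs.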

This report contains Public Security information  
Everyone can see this security related information.
