CVE-2023-36054 - OpenCVE

lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Netapp	Management Services For Element Software Ontap Tools Clustered Data Ontap Hci Active Iq Unified Manager
Debian	Debian Linux
Mit	Kerberos 5

Configuration 1 [-]

OR	cpe:2.3:a:mit:kerberos_5::::::::
	cpe:2.3:a:mit:kerberos_5:1.21:-::::::
	cpe:2.3:a:mit:kerberos_5:1.21:beta1::::::

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:clustered_data_ontap:9.0:-::::::
	cpe:2.3:a:netapp:hci:-:::::::*
	cpe:2.3:a:netapp:management_services_for_element_software:-:::::::*
	cpe:2.3:a:netapp:ontap_tools:-:::::vmware_vsphere::

References

Link	Resource
https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd	Patch
https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final	Patch
https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final	Patch
https://lists.debian.org/debian-lts-announce/2023/10/msg00031.html	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20230908-0004/	Third Party Advisory
https://web.mit.edu/kerberos/www/advisories/	Product

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-08-07T00:00:00

Updated: 2023-10-22T22:06:16.416880

Reserved: 2023-06-21T00:00:00

Link: CVE-2023-36054

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-08-07T19:15:09.840

Modified: 2023-11-15T03:23:27.470

Link: CVE-2023-36054

JSON object: View

Redhat Information

No data.

CWE

CWE-824

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F862235-F5E3-46F0-8907-5521B79DD14D", "versionEndExcluding": "1.20.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.21:-:*:*:*:*:*:*", "matchCriteriaId": "77FA11D6-3074-412F-9008-A4F690C79133", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.21:beta1:*:*:*:*:*:*", "matchCriteriaId": "5096413B-6BEE-424A-A198-C01934E45000", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:9.0:-:*:*:*:*:*:*", "matchCriteriaId": "52DE3DFE-350F-4E83-B425-1D7D47BEF6DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A6E548F-62E9-40CB-85DA-FDAA0F0096C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "86B51137-28D9-41F2-AFA2-3CC22B4954D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:ontap_tools:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "CBCC384C-5DF0-41AB-B17B-6E9B6CAE8065", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count."}], "id": "CVE-2023-36054", "lastModified": "2023-11-15T03:23:27.470", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-07T19:15:09.840", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00031.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20230908-0004/"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://web.mit.edu/kerberos/www/advisories/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-824"}], "source": "nvd@nist.gov", "type": "Primary"}]}