CVSSv3 Base Score: 7.5

CVE-2021-36222

Published: 22/07/2021 Updated: 28/11/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) prior to 1.18.4 and 1.19.x prior to 1.19.2 allows remote malicious users to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.


mit kerberos 5

debian debian linux 10.0

netapp active iq unified manager -

netapp oncommand insight -

netapp oncommand workflow automation -

netapp snapcenter -

oracle mysql server

Vendor Advisories

Debian Bug report logs - #991365 krb5: CVE-2021-36222. Package: src:krb5; Maintainer for src:krb5 is Sam Hartman <hartmans@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>. Date: Wed, 21 Jul 2021 15:48:01 UTC. Severity: important. Tags: security, upstream. Found in versions krb5/1.18.3-5, krb5/1.17-3+de ...
Synopsis: Moderate: OpenShift Container Platform 4.10.3 security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 4.10.3 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of ...
Synopsis: Important: Service Telemetry Framework 1.4 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Service Telemetry Framework 1.4 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which g ...
It was discovered that the Key Distribution Center (KDC) in krb5, the MIT implementation of Kerberos, is prone to a NULL pointer dereference flaw. An unauthenticated attacker can take advantage of this flaw to cause a denial of service (KDC crash) by sending a request containing a PA-ENCRYPTED-CHALLENGE padata element without using FAST. For the st ...
No description is available for this CVE ...
In MIT krb5 releases 1.16 and later before 1.19.2, an unauthenticated attacker can cause a null dereference in the KDC by sending a request containing a PA-ENCRYPTED-CHALLENGE padata element without using FAST ...

Github Repositories

KCC