Published: 07/08/2023 Updated: 15/11/2023

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 0

lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) prior to 1.20.2 and 1.21.x prior to 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mit kerberos 5 1.21
mit kerberos 5
debian debian linux 10.0
netapp hci -
netapp active iq unified manager -
netapp management services for element software -
netapp ontap tools -
netapp clustered data ontap 9.0

Debian Bug report logs - #1043431 krb5: CVE-2023-36054 Package: src:krb5; Maintainer for src:krb5 is Sam Hartman <hartmans@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 10 Aug 2023 21:15:06 UTC Severity: important Tags: security, upstream Found in version krb5/1201-2 Reply or s ...

概述 Important: OpenShift Virtualization 4136 security and bug fix update 类型/严重性 Security Advisory: Important 标题 Red Hat OpenShift Virtualization release 4136 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security i ...

Synopsis Important: OpenShift Virtualization 4141 security and bug fix update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Virtualization release 4141 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security imp ...

Synopsis Important: Red Hat Ceph Storage 61 security, enhancements, and bug fix update Type/Severity Security Advisory: Important Topic Updated container image for Red Hat Ceph Storage 61 is now available in the Red Hat Ecosystem Catalog Description Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines ...

Synopsis Moderate: krb5 security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for krb5 is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as havin ...

Synopsis Low: Logging Subsystem 581- Red Hat OpenShift security update Type/Severity Security Advisory: Low Topic An update is now available for RHOL-58-RHEL-9Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, i ...

Synopsis Important: cert-manager Operator for Red Hat OpenShift 1115 Type/Severity Security Advisory: Important Topic cert-manager Operator for Red Hat OpenShift 1115Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sever ...

Synopsis Important: cert-manager Operator for Red Hat OpenShift 1121 Type/Severity Security Advisory: Important Topic cert-manager Operator for Red Hat OpenShift 1121Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sever ...

lib/kadm5/kadm_rpc_xdrc in MIT Kerberos 5 (aka krb5) before 1202 and 121x before 1211 frees an uninitialized pointer A remote authenticated user can trigger a kadmind crash This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count (CVE-2023-36054) ...

DescriptionThe MITRE CVE dictionary describes this issue as: lib/kadm5/kadm_rpc_xdrc in MIT Kerberos 5 (aka krb5) before 1202 and 121x before 1211 frees an uninitialized pointer A remote authenticated user can trigger a kadmind crash This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and ...

Critical Infrastructure Sectors: Critical Manufacturing

Github action to check findings of aws inspector scans

Check AWS Inspector V11 This action can be used to check the findings of an amazon inspector scan It has only been tested with inspector v2 Currently the action also only supports checking the results of scans on images pushed to ecr May be modified for lambdas and ec2 instances in the future Usage - uses: ecperth/check-aws-inspector@v11 with: # ecr repository n

CWE-824 https://web.mit.edu/kerberos/www/advisories/https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final https://security.netapp.com/advisory/ntap-20230908-0004/https://lists.debian.org/debian-lts-announce/2023/10/msg00031.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043431 https://nvd.nist.gov https://github.com/ecperth/check-aws-inspector https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-11 https://alas.aws.amazon.com/AL2/ALAS-2023-2225.html

Get Started

CVE-2023-36054

Vulnerability Summary

Vendor Advisories

ICS Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect