lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) prior to 1.20.2 and 1.21.x prior to 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.
Vulnerable Product |
---|
mit kerberos 5 1.21 |
mit kerberos 5 |
debian debian linux 10.0 |
netapp hci - |
netapp active iq unified manager - |
netapp management services for element software - |
netapp ontap tools - |
netapp clustered data ontap 9.0 |