Lucene search

Alpine Linux Development TeamALPINE:CVE-2023-36054

HistoryAug 07, 2023 - 7:15 p.m.

CVE-2023-36054

2023-08-0719:15:09

Alpine Linux Development Team

security.alpinelinux.org

mit kerberos 5

uninitialized pointer

remote crash

kadmind

security vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

67.9%

JSON

lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.

OSVersionArchitecturePackageVersionFilename
Alpine3.17-mainnoarchkrb5< 1.20.2-r0UNKNOWN
Alpine3.18-mainnoarchkrb5< 1.20.2-r0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	3.17-main	noarch	krb5	< 1.20.2-r0	UNKNOWN
Alpine	3.18-main	noarch	krb5	< 1.20.2-r0	UNKNOWN

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

67.9%

JSON

Related for ALPINE:CVE-2023-36054