CVE-2023-36054

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-36054
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-36054.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-36054
Downstream
Related
Published
2023-08-07T19:15:09Z
Modified
2025-10-21T02:36:24Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

lib/kadm5/kadmrpcxdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because xdrkadm5principalentrec does not validate the relationship between nkeydata and the keydata array count.

References

Affected packages

Git / github.com/krb5/krb5

Affected ranges

Type
GIT
Repo
https://github.com/krb5/krb5
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
ef08b09c9459551aabbe7924fb176f1583053cdd

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "292458871393797026895224770310205177433",
            "length": 1784.0
        },
        "target": {
            "file": "src/lib/kadm5/kadm_rpc_xdr.c",
            "function": "_xdr_kadm5_principal_ent_rec"
        },
        "signature_version": "v1",
        "id": "CVE-2023-36054-470cf1b5",
        "deprecated": false,
        "source": "https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "334156890665377397254782129423192701014",
                "291711314844331628929990863608957466062",
                "78628825109575425569660732236780644162",
                "261916500496618123580874075940328985736",
                "30376023932640832738304776029120750510",
                "52577924269244501238970656709228176349",
                "142673664801473503695693422137628437538",
                "247089036493975321463435678447079451818",
                "268291072872507344209176579942598505100",
                "283004837450157505273504451698654990402",
                "198860051218332904966840358757088003952",
                "332792275552660967371033837008166398627",
                "181968824239837814858031817203727806594",
                "289882732570170768537025219367137493777"
            ]
        },
        "target": {
            "file": "src/lib/kadm5/kadm_rpc_xdr.c"
        },
        "signature_version": "v1",
        "id": "CVE-2023-36054-ea2fc528",
        "deprecated": false,
        "source": "https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd"
    }
]