lib/kadm5/kadmrpcxdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because xdrkadm5principalentrec does not validate the relationship between nkeydata and the keydata array count.
{
"cna_assigner": "mitre",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/36xxx/CVE-2023-36054.json"
}{
"source": [
"CPE_RANGE",
"CPE_STRING",
"REFERENCES"
],
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "1.20.2"
},
{
"introduced": "1.21-NA"
},
{
"last_affected": "1.21-NA"
},
{
"introduced": "1.21-beta1"
},
{
"last_affected": "1.21-beta1"
}
],
"cpe": [
"cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.21:-:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.21:beta1:*:*:*:*:*:*"
]
}