VulnerableCode Package Details - pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u3

Search for packages

Package details: pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u3

Essentials
History (0)

purl	pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u3
Tags	Ghost

Next non-vulnerable version	1.20.1-2+deb12u4
Latest non-vulnerable version	1.21.3-5
Risk	3.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-puwp-5xjq-aaap Aliases: CVE-2023-36054	lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.	1.18.3-6+deb11u4 Affected by 0 other vulnerabilities. 1.18.3-6+deb11u5 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.20.1-2+deb12u1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-puwp-5xjq-aaap
Aliases:
CVE-2023-36054

lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.

1.18.3-6+deb11u4
Affected by 0 other vulnerabilities.

1.18.3-6+deb11u5
Affected by 2 other vulnerabilities.

1.20.1-2+deb12u1
Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version