VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-6u99-q9jp-uufv

Essentials
Severities (38)
References (25)
Severity details (9)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-6u99-q9jp-uufv
Aliases	CVE-2023-36054
Summary	lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.
Status	Published
Exploitability	0.5
Weighted Severity	5.9
Risk	3.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-824

Access of Uninitialized Pointer

System	Score	Found at
cvssv3	6.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36054.json
epss	0.00648	https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss	0.00648	https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss	0.00648	https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss	0.00648	https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss	0.00648	https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss	0.00648	https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss	0.00648	https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss	0.00648	https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss	0.00648	https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss	0.00648	https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss	0.00704	https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss	0.00704	https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss	0.00704	https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss	0.00704	https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss	0.00704	https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss	0.00704	https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss	0.00704	https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss	0.00704	https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss	0.00704	https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss	0.00704	https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss	0.00704	https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss	0.00704	https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss	0.00704	https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss	0.00704	https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss	0.00704	https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss	0.00704	https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss	0.00704	https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss	0.00704	https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss	0.00704	https://api.first.org/data/v1/epss?cve=CVE-2023-36054
cvssv3.1	8.8	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc	Track	https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd
ssvc	Track	https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final
ssvc	Track	https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final
ssvc	Track	https://lists.debian.org/debian-lts-announce/2023/10/msg00031.html
cvssv3.1	6.5	https://nvd.nist.gov/vuln/detail/CVE-2023-36054
ssvc	Track	https://security.netapp.com/advisory/ntap-20230908-0004/
ssvc	Track	https://web.mit.edu/kerberos/www/advisories/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36054.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-36054
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36054
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1043431		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043431
2230178		https://bugzilla.redhat.com/show_bug.cgi?id=2230178
advisories		https://web.mit.edu/kerberos/www/advisories/
cpe:2.3:a:mit:kerberos_5::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5::::::::
cpe:2.3:a:mit:kerberos_5:1.21:-::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.21:-::::::
cpe:2.3:a:mit:kerberos_5:1.21:beta1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.21:beta1::::::
cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
cpe:2.3:a:netapp:clustered_data_ontap:9.0:-::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:clustered_data_ontap:9.0:-::::::
cpe:2.3:a:netapp:hci:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:hci:-:::::::*
cpe:2.3:a:netapp:management_services_for_element_software:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:management_services_for_element_software:-:::::::*
cpe:2.3:a:netapp:ontap_tools:-:::::vmware_vsphere::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:ontap_tools:-:::::vmware_vsphere::
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
CVE-2023-36054		https://nvd.nist.gov/vuln/detail/CVE-2023-36054
ef08b09c9459551aabbe7924fb176f1583053cdd		https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd
krb5-1.20.1-final...krb5-1.20.2-final		https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final
krb5-1.21-final...krb5-1.21.1-final		https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final
msg00031.html		https://lists.debian.org/debian-lts-announce/2023/10/msg00031.html
ntap-20230908-0004		https://security.netapp.com/advisory/ntap-20230908-0004/
RHSA-2023:6699		https://access.redhat.com/errata/RHSA-2023:6699
USN-6467-1		https://usn.ubuntu.com/6467-1/
USN-6467-2		https://usn.ubuntu.com/6467-2/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36054.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T13:57:00Z/ Found at https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T13:57:00Z/ Found at https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T13:57:00Z/ Found at https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T13:57:00Z/ Found at https://lists.debian.org/debian-lts-announce/2023/10/msg00031.html

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-36054

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T13:57:00Z/ Found at https://security.netapp.com/advisory/ntap-20230908-0004/

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T13:57:00Z/ Found at https://web.mit.edu/kerberos/www/advisories/

Exploit Prediction Scoring System (EPSS)

Percentile	0.69873
EPSS Score	0.00648
Published At	Sept. 9, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:34:42.014456+00:00	Ubuntu USN Importer	Import	https://usn.ubuntu.com/6467-2/	37.0.0