Search for vulnerabilities
Vulnerability details: VCID-puwp-5xjq-aaap
Vulnerability ID VCID-puwp-5xjq-aaap
Aliases CVE-2023-36054
Summary lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.
Status Published
Exploitability 0.5
Weighted Severity 5.9
Risk 3.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-824 Access of Uninitialized Pointer
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36054.json
epss 0.00425 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00450 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00450 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00450 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00450 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00450 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00450 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00450 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00450 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00450 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00450 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00515 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00515 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00515 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00515 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00704 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00723 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00723 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00723 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00723 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00723 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.00723 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.02406 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.02406 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.02406 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.02406 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.02406 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.02406 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.02406 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.02406 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.02406 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.02406 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.02406 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.02406 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.02406 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.02406 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.02406 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
epss 0.04235 https://api.first.org/data/v1/epss?cve=CVE-2023-36054
cvssv3.1 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2023-36054
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2023-36054
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36054.json
https://api.first.org/data/v1/epss?cve=CVE-2023-36054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36054
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd
https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final
https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final
https://lists.debian.org/debian-lts-announce/2023/10/msg00031.html
https://security.netapp.com/advisory/ntap-20230908-0004/
https://web.mit.edu/kerberos/www/advisories/
1043431 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043431
2230178 https://bugzilla.redhat.com/show_bug.cgi?id=2230178
cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.21:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.21:-:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.21:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.21:beta1:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:clustered_data_ontap:9.0:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:clustered_data_ontap:9.0:-:*:*:*:*:*:*
cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_tools:-:*:*:*:*:vmware_vsphere:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:ontap_tools:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
CVE-2023-36054 https://nvd.nist.gov/vuln/detail/CVE-2023-36054
GLSA-202405-11 https://security.gentoo.org/glsa/202405-11
RHSA-2023:6699 https://access.redhat.com/errata/RHSA-2023:6699
USN-6467-1 https://usn.ubuntu.com/6467-1/
USN-6467-2 https://usn.ubuntu.com/6467-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36054.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-36054
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-36054
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.74835
EPSS Score 0.00425
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.