
TRIAGE-CVE-2023-36054 krb5-libs: krb5: Denial of service through freeing uninitialized pointer [services-eventing-default]



      Security Issue Notification

      Do not make this issue public.

      This is a preliminary notification of a potential vulnerability under the accelerated "Triage Tracker" program introduced between Product Security and Engineering to allow deeper collaboration.

      The in-depth analysis is ongoing, and details are expected to change until such time as it concludes.

      Be aware that someone other than the analyst performing the Secondary Assessment will usually create the triage tracker. The best option is to comment in the tracker and wait for a reply. Based on your regular interactions, if you know the Incident Response Analyst for your offering, you can reach out to them directly or add a private comment in the triage tracker or in the flaw bug for their attention.

      Please refer to the FAQ page for more information - https://source.redhat.com/departments/products_and_global_engineering/product_security/content/product_security_wiki/incident_response_coordination_faq
      Impact: Moderate
      Reported Date: 08-Aug-2023
      Bug is not bound by a Security SLA. Use your own judgement. Remember to explicitly set CLOSED:WONTFIX if you decide not to fix this bug.

      Please review this tracker and its impact on your product or service as soon as possible. The trackers are filed WITHOUT in-depth analysis because the vulnerability has a Low or Moderate severity impact on this product or service. For more details, please refer to the following Confluence page - https://docs.engineering.redhat.com/x/3e_3EQ

      Please see the Security Errata Policy for further details: https://docs.engineering.redhat.com/x/9kKpDw

      Flaw:

      TRIAGE-CVE-2023-36054 krb5: Denial of service through freeing uninitialized pointer
      https://bugzilla.redhat.com/show_bug.cgi?id=2230178

      lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.

      References:

      https://web.mit.edu/kerberos/www/advisories/
      https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final
      https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd
      https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final
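As an added illustration (not krb5's code and not part of the tracker), the C model below shows the bug class the description names: a record-level count (n_key_data) decoded separately from the array's own wire count, with a release loop that trusts the record-level field. The wire layout, struct fields, function names and the strict flag are constructed assumptions; strict=1 applies a consistency check of the kind the description says was missing, and the constructed messages GOOD and BAD exercise both outcomes.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
typedef struct { uint8_t *contents; uint32_t len; } key_data_t;
typedef struct { int16_t n_key_data; key_data_t *key_data; } principal_ent_t;
/* Constructed messages: GOOD claims 1 key and carries 1; BAD claims 2 keys
 * but carries an array count of 0 (the mismatch this CVE class is about). */
static const uint8_t GOOD[] = {0,0,0,1, 0,0,0,1, 0,0,0,2, 'a','b'};
static const uint8_t BAD[]  = {0,0,0,2, 0,0,0,0};
/* Big-endian u32 reader over the constructed wire buffer; 0 if truncated. */
static int get_u32(const uint8_t **p, const uint8_t *end, uint32_t *v) {
    if (end - *p < 4) return 0;
    *v = ((uint32_t)(*p)[0] << 24) | ((uint32_t)(*p)[1] << 16) |
         ((uint32_t)(*p)[2] << 8) | (*p)[3];
    *p += 4;
    return 1;
}
/* Release loop that trusts n_key_data, as a kadm5-style free routine does. */
void free_principal_ent(principal_ent_t *rec) {
    for (int i = 0; i < rec->n_key_data; i++) free(rec->key_data[i].contents);
    free(rec->key_data);
}
/* Assumed wire layout: u32 n_key_data, u32 array count, then
 * count x (u32 len, len bytes). strict=1 rejects a count that disagrees
 * with n_key_data; strict=0 trusts both fields independently. */
int decode_principal_ent(const uint8_t *buf, size_t len,
                         principal_ent_t *out, int strict) {
    const uint8_t *p = buf, *end = buf + len;
    uint32_t hdr_n, count, i, klen;
    memset(out, 0, sizeof(*out));
    if (!get_u32(&p, end, &hdr_n) || !get_u32(&p, end, &count)) return -1;
    if (hdr_n > INT16_MAX) return -1;
    out->n_key_data = (int16_t)hdr_n;
    if (strict && count != hdr_n) return -1; /* hardened: counts must agree */
    if (count == 0) return 0;  /* lenient path leaves key_data NULL */
    out->key_data = calloc(count, sizeof(key_data_t));
    if (out->key_data == NULL) return -1;
    for (i = 0; i < count; i++) {
        if (!get_u32(&p, end, &klen) || (size_t)(end - p) < klen ||
            (out->key_data[i].contents = malloc(klen + 1)) == NULL) {
            out->n_key_data = (int16_t)i; /* free only what was allocated */
            free_principal_ent(out);
            return -1;
        }
        memcpy(out->key_data[i].contents, p, klen);
        out->key_data[i].len = klen;
        p += klen;
    }
    return 0;
}
```

With strict=0, BAD decodes "successfully" into a record whose n_key_data is 2 while key_data is NULL, which is exactly the state a trusting free loop later dereferences.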

            Assignee: Unassigned
            Reporter: rhn-support-mjuneau (Matthew Juneau)
            Greg McCullough, Jennifer Samir, Josejulio Martínez, Sureshkumar Thirugnanasambandan, Viliam Krizan