First published: Fri Nov 06 2020
MIT Kerberos 5 (aka krb5) is vulnerable to a denial of service caused by an unbounded recursion flaw in lib/krb5/asn.1/asn1_encode.c. By sending a specially crafted ASN.1-encoded Kerberos message, a remote attacker could exploit this vulnerability to cause a denial-of-service condition.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/krb5 | <0:1.18.2-8.el8 | 0:1.18.2-8.el8 |
redhat/redhat-virtualization-host | <0:4.4.6-20210527.3.el8_4 | 0:4.4.6-20210527.3.el8_4 |
debian/krb5 | 1.17-3+deb10u4 1.17-3+deb10u5 1.18.3-6+deb11u4 1.18.3-6+deb11u3 1.20.1-2+deb12u1 1.20.1-4 | |
IBM Cloud Pak for Security (CP4S) | <=1.7.2.0 | |
IBM Cloud Pak for Security (CP4S) | <=1.7.1.0 | |
IBM Cloud Pak for Security (CP4S) | <=1.7.0.0 | |
redhat/krb5 | <1.17.2 | 1.17.2 |
redhat/krb5 | <1.18.3 | 1.18.3 |
MIT Kerberos 5 | <1.17.2 | |
MIT Kerberos 5 | >=1.18.0 <1.18.3 | |
Fedoraproject Fedora | =31 | |
Netapp Active Iq Unified Manager Vmware Vsphere | | |
Netapp Active Iq Unified Manager Windows | | |
Netapp Cloud Backup | | |
NetApp OnCommand Insight | | |
NetApp OnCommand Workflow Automation | | |
Netapp Snapcenter | | |
Oracle Communications Cloud Native Core Policy | =1.14.0 | |
Oracle Communications Offline Mediation Controller | =12.0.0.3.0 | |
Oracle Communications Pricing Design Center | =12.0.0.3.0 | |
Oracle Mysql Server | <=8.0.23 | |