CVE-2021-36222
Published: Jul 22, 2021
Modified: Aug 4, 2024
PUBLISHED
Description
ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://web.mit.edu/kerberos/advisories/
x_refsource_MISC
https://github.com/krb5/krb5/releases
x_refsource_MISC
DSA-4944
vendor-advisory
x_refsource_DEBIAN
https://www.oracle.com/security-alerts/cpuoct2021.html
x_refsource_MISC
https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562
x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20211022-0003/
x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20211104-0007/
x_refsource_CONFIRM