Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Mit
  • Kerberos 5
Redhat
  • Enterprise Linux
  • Linux

Configuration 1 [-]

OR cpe:2.3:a:mit:kerberos_5:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.2.4:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux AS (Advanced Server) version 2.1
cpe:/o:redhat:enterprise_linux:2.1 RHSA-2003:052 2003-03-27T00:00:00Z
Red Hat Enterprise Linux ES version 2.1
cpe:/o:redhat:enterprise_linux:2.1 RHSA-2003:052 2003-03-27T00:00:00Z
Red Hat Enterprise Linux WS version 2.1
cpe:/o:redhat:enterprise_linux:2.1 RHSA-2003:052 2003-03-27T00:00:00Z
Red Hat Linux 6.2
cpe:/o:redhat:linux:6.2 RHSA-2003:051 2003-03-26T00:00:00Z
Red Hat Linux 7.0
cpe:/o:redhat:linux:7.0 RHSA-2003:051 2003-03-26T00:00:00Z
Red Hat Linux 7.1
cpe:/o:redhat:linux:7.1 RHSA-2003:051 2003-03-26T00:00:00Z
cpe:/o:redhat:linux:7.1 RHSA-2003:168 2003-04-29T00:00:00Z
Red Hat Linux 7.2
cpe:/o:redhat:linux:7.2 RHSA-2003:051 2003-03-26T00:00:00Z
Red Hat Linux 7.3
cpe:/o:redhat:linux:7.3 RHSA-2003:051 2003-03-26T00:00:00Z
Red Hat Linux 8.0
cpe:/o:redhat:linux:8.0 RHSA-2003:051 2003-03-26T00:00:00Z
Red Hat Linux Advanced Workstation 2.1
cpe:/o:redhat:enterprise_linux:2.1 RHSA-2003:052 2003-03-27T00:00:00Z
References
Link Providers
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639 cve-icon cve-icon
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt cve-icon cve-icon
http://www.kb.cert.org/vuls/id/587579 cve-icon cve-icon
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:043 cve-icon cve-icon
http://www.osvdb.org/4896 cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2003-051.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2003-052.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2003-168.html cve-icon cve-icon
http://www.securityfocus.com/bid/6713 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/11190 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2002-0036 cve-icon
https://www.cve.org/CVERecord?id=CVE-2002-0036 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2004-09-01T04:00:00

Updated: 2024-08-08T02:35:17.387Z

Reserved: 2002-01-16T00:00:00

Link: CVE-2002-0036

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2003-02-19T05:00:00.000

Modified: 2020-01-21T15:44:53.820

Link: CVE-2002-0036

cve-icon Redhat

Severity : Important

Publid Date: 2003-01-29T00:00:00Z

Links: CVE-2002-0036 - Bugzilla