MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.
History
07 Nov 2023, 03:21
Type | Values Removed | Values Added |
---|---|---|
References | | |
12 May 2022, 14:47
Type | Values Removed | Values Added |
---|---|---|
First Time | Fedoraproject, Oracle mysql Server, Netapp cloud Backup, Oracle communications Pricing Design Center, Fedoraproject fedora, Netapp, Netapp snapcenter, Netapp oncommand Workflow Automation, Netapp oncommand Insight, Oracle, Oracle communications Cloud Native Core Policy, Netapp active Iq Unified Manager, Oracle communications Offline Mediation Controller | |
References | (DEBIAN) https://www.debian.org/security/2020/dsa-4795 - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/11/msg00011.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20210513-0002/ - Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20201202-0001/ - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPH2V3WSQTELROZK3GFCPQDOFLKIZ6H5/ - Mailing List, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory | |
References | (N/A) https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/73IGOG6CZAVMVNS4GGRMOLOZ7B6QVA7F/ - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Patch, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/45KKOZQWIIIW5C45PJVGQ32AXBSYNBE7/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* |
20 Apr 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
20 Jul 2021, 23:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
29 Jun 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
14 Jun 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
13 May 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
Information
Published : 2020-11-06 08:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-28196
Mitre link : CVE-2020-28196
CVE.ORG link : CVE-2020-28196
Products Affected
oracle
- mysql_server
- communications_cloud_native_core_policy
- communications_offline_mediation_controller
- communications_pricing_design_center
netapp
- cloud_backup
- oncommand_insight
- snapcenter
- active_iq_unified_manager
- oncommand_workflow_automation
mit
- kerberos_5
fedoraproject
- fedora
CWE
CWE-674
Uncontrolled Recursion