In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.
Weakness
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Red Hat Enterprise Linux 10 | RedHat | krb5-0:1.21.3-10.el10_2 | * |
| Red Hat Enterprise Linux 8 | RedHat | krb5-0:1.18.2-34.el8_10 | * |
| Red Hat Enterprise Linux 9 | RedHat | krb5-0:1.21.1-10.el9_8 | * |
| Red Hat Enterprise Linux 9 | RedHat | krb5-0:1.21.1-10.el9_8 | * |
| Red Hat Hardened Images | RedHat | krb5-main-1.22.2-7.hum1 | * |
| Red Hat Insights proxy 1.5 | RedHat | insights-proxy/insights-proxy-container-rhel9:1780420428 | * |
| Red Hat Update Infrastructure 5 | RedHat | rhui5/cds-rhel9:1779798159 | * |
| Red Hat Update Infrastructure 5 | RedHat | rhui5/haproxy-rhel9:1779798164 | * |
| Red Hat Update Infrastructure 5 | RedHat | rhui5/installer-rhel9:1779798165 | * |
| Red Hat Update Infrastructure 5 | RedHat | rhui5/rhua-rhel9:1779798222 | * |
| Krb5 | Ubuntu | esm-infra/xenial | * |