In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
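The weakness class above (CWE-191 style length arithmetic) is easiest to see in a parser that subtracts a fixed header size from a length field taken from the message itself. The following C program is an added, constructed illustration written for this page; it is not krb5's code and does not describe the actual defect in parse_message. It defines a hypothetical 3-byte header (type byte plus a 2-byte big-endian total length), shows how an unchecked subtraction wraps when the claimed total is smaller than the header, and places the checked form beside it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical message format (constructed for this example):
 *   byte 0     : message type
 *   bytes 1..2 : total length, big-endian, including this header
 *   bytes 3..  : payload
 */
#define HDR_LEN 3

/* Underflow-prone version: total - HDR_LEN is computed without checking
 * that total >= HDR_LEN. With size_t the subtraction wraps to a huge value,
 * and any caller that trusts it will read far beyond the buffer. */
static size_t payload_len_unsafe(const uint8_t *msg, size_t len) {
    (void)len; /* buffer length is never consulted: that is the bug */
    size_t total = ((size_t)msg[1] << 8) | msg[2];
    return total - HDR_LEN; /* wraps when total < 3 */
}

/* Checked version: validate every quantity before subtracting, so the
 * result can never be smaller than zero or larger than the bytes we hold.
 * Returns 0 on success, -1 on malformed input. */
static int parse_message_safe(const uint8_t *msg, size_t len,
                              const uint8_t **payload, size_t *payload_len) {
    if (msg == NULL || len < HDR_LEN)
        return -1; /* not even a full header present */
    size_t total = ((size_t)msg[1] << 8) | msg[2];
    if (total < HDR_LEN)
        return -1; /* subtraction would underflow */
    if (total > len)
        return -1; /* message claims more bytes than were received */
    *payload = msg + HDR_LEN;
    *payload_len = total - HDR_LEN;
    return 0;
}

/* Constructed sample inputs. */
static const uint8_t good_msg[]  = {0x01, 0x00, 0x05, 'h', 'i'}; /* total 5, payload "hi" */
static const uint8_t short_msg[] = {0x01, 0x00, 0x02};           /* total 2 < header size */
static const uint8_t trunc_msg[] = {0x01, 0x00, 0x10, 'x'};      /* total 16 but only 4 bytes */

/* Demonstration helpers returning plain values so they can be checked. */
int demo_unsafe_wraps(void) {
    return payload_len_unsafe(short_msg, sizeof short_msg) == SIZE_MAX;
}

int demo_safe_rejects_short(void) {
    const uint8_t *p; size_t n;
    return parse_message_safe(short_msg, sizeof short_msg, &p, &n);
}

int demo_safe_rejects_truncated(void) {
    const uint8_t *p; size_t n;
    return parse_message_safe(trunc_msg, sizeof trunc_msg, &p, &n);
}

/* Returns the payload length on success, -2 on failure. */
int demo_safe_good_len(void) {
    const uint8_t *p; size_t n;
    if (parse_message_safe(good_msg, sizeof good_msg, &p, &n) != 0)
        return -2;
    return (int)n;
}

int main(void) {
    printf("unsafe length wraps to SIZE_MAX: %s\n", demo_unsafe_wraps() ? "yes" : "no");
    printf("safe parser on short message:    %d\n", demo_safe_rejects_short());
    printf("safe parser on truncated message: %d\n", demo_safe_rejects_truncated());
    printf("safe parser payload length:      %d\n", demo_safe_good_len());
    return 0;
}
```

The ordering of the checks matters: the header-presence test protects the reads of msg[1] and msg[2], the total-versus-header test prevents the underflow, and the total-versus-buffer test prevents the complementary over-read when a message claims more bytes than were received. Fuzzing a parser with length fields set to 0, 1, 2 and to values larger than the buffer is a cheap way to shake out exactly this class of bug.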
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Red Hat Enterprise Linux 10 | RedHat | krb5-0:1.21.3-10.el10_2 | * |
| Red Hat Enterprise Linux 8 | RedHat | krb5-0:1.18.2-34.el8_10 | * |
| Red Hat Enterprise Linux 9 | RedHat | krb5-0:1.21.1-10.el9_8 | * |
| Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | RedHat | krb5-0:1.20.1-9.el9_2.6 | * |
| Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions | RedHat | krb5-0:1.21.1-2.el9_4.5 | * |
| Red Hat Enterprise Linux 9.6 Extended Update Support | RedHat | krb5-0:1.21.1-8.el9_6.2 | * |
| Red Hat Hardened Images | RedHat | krb5-main-1.22.2-7.hum1 | * |
| Red Hat Insights proxy 1.5 | RedHat | insights-proxy/insights-proxy-container-rhel9:1780420428 | * |
| Red Hat Update Infrastructure 5 | RedHat | rhui5/cds-rhel9:1779798159 | * |
| Red Hat Update Infrastructure 5 | RedHat | rhui5/haproxy-rhel9:1779798164 | * |
| Red Hat Update Infrastructure 5 | RedHat | rhui5/installer-rhel9:1779798165 | * |
| Red Hat Update Infrastructure 5 | RedHat | rhui5/rhua-rhel9:1779798222 | * |
| Krb5 | Ubuntu | esm-infra/xenial | * |