MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Information
Published : 2020-11-06 00:15
Updated : 2022-05-12 07:47
NVD link : CVE-2020-28196
Mitre link : CVE-2020-28196
JSON object : View
CWE
CWE-674
Uncontrolled Recursion
Products Affected
netapp
- cloud_backup
- oncommand_insight
- active_iq_unified_manager
- oncommand_workflow_automation
- snapcenter
oracle
- mysql_server
- communications_pricing_design_center
- communications_offline_mediation_controller
- communications_cloud_native_core_policy
fedoraproject
- fedora
mit
- kerberos_5