PT-2020-6887 · Mit+10 · Mit Kerberos 5+9

Published

2020-11-06

·

Updated

2025-12-03

·

CVE-2020-28196

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions MIT Kerberos 5 versions 1.17.2 and earlier, 1.18.x versions prior to 1.18.3 MySQL Server version 8.0.23 and earlier
Description The issue is related to unbounded recursion via an ASN.1-encoded Kerberos message due to the lack of a recursion limit in the support for BER indefinite lengths in the lib/krb5/asn.1/asn1 encode.c file. This can lead to a denial of service. The vulnerability can be exploited by a remote attacker, potentially causing the system to hang or crash repeatedly.
Recommendations For MIT Kerberos 5 versions 1.17.2 and earlier, update to version 1.17.2 or later. For MIT Kerberos 5 versions 1.18.x prior to 1.18.3, update to version 1.18.3 or later. For MySQL Server version 8.0.23 and earlier, update to a version later than 8.0.23. As a temporary workaround, consider restricting access to the Kerberos authentication mechanism until a patch is available.

Fix

DoS

Uncontrolled Recursion

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-674

Related Identifiers

ALT-PU-2020-3361
ALT-PU-2020-3405
ALT-PU-2021-1686
ALT-PU-2021-2079
ALT-PU-2021-2380
ALT-PU-2021-3668
BDU:2023-03437
CESA-2021_1593
CVE-2020-28196
DLA-2437-1
DSA-4795-1
MGASA-2021-0022
OESA-2021-1026
OPENSUSE-SU-2020:2037-1
OPENSUSE-SU-2020:2062-1
OPENSUSE-SU-2020_2037-1
OPENSUSE-SU-2020_2062-1
OPENSUSE-SU-2024:11549-1
RHSA-2021:1593
RHSA-2021:2239
RHSA-2021_1593
RLSA-2021:1593
SUSE-SU-2020:3375-1
SUSE-SU-2020:3377-1
SUSE-SU-2020:3379-1
SUSE-SU-2020_3375-1
SUSE-SU-2020_3377-1
SUSE-SU-2020_3379-1
USN-4635-1

Affected Products

Alt Linux
Astra Linux
Centos
Linuxmint
Mit Kerberos 5
Mysql Server
Red Hat
Rocky Linux
Suse
Ubuntu