PT-2021-3744 · MIT · MIT Kerberos 5
Published: 2021-07-22 · Updated: 2024-07-24 · CVE-2021-36222
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
MIT Kerberos 5 (krb5) versions prior to 1.18.4
MIT Kerberos 5 (krb5) versions 1.19.x prior to 1.19.2
MySQL Server versions 8.0.26 and earlier
Description
The vulnerability is a NULL pointer dereference in the Key Distribution Center (KDC) component of MIT Kerberos 5 (krb5). A remote attacker can trigger it to crash the KDC daemon, resulting in a denial of service. The same issue affects MySQL Server in the Server: Compiling (Kerberos) subcomponent, where a high-privileged attacker with network access can compromise MySQL Server, potentially causing a hang or crash.
Recommendations
For MIT Kerberos 5 (krb5) versions prior to 1.18.4, update to version 1.18.4 or later.
For MIT Kerberos 5 (krb5) versions 1.19.x prior to 1.19.2, update to version 1.19.2 or later.
For MySQL Server versions 8.0.26 and earlier, update to a version later than 8.0.26.
Tags: Fix · DoS · NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
ALT Linux
Astra Linux
CentOS
Linux Mint
MIT Kerberos 5
MySQL Server
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu