Bug 2140960 (CVE-2022-42898) - CVE-2022-42898 krb5: integer overflow vulnerabilities in PAC parsing
Summary: CVE-2022-42898 krb5: integer overflow vulnerabilities in PAC parsing
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-42898
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2140961 2140962 2140963 2140964 2140965 2140966 2140967 2140968 2140969 2140970 2140971 2142753 2143009 2143010 2143011 2143115 2143116 2143117 2143118 2143119 2143120 2143121 2143122 2143145
Blocks: 2140956
Reported: 2022-11-08 09:13 UTC by Sandipan Roy
Modified: 2023-03-06 14:12 UTC (History)
CC List: 21 users

Fixed In Version: krb5 1.20.1, krb5 1.19.4
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in MIT krb5. This flaw allows an authenticated attacker to cause a KDC or kadmind process to crash by reading beyond the bounds of allocated memory, creating a denial of service. A privileged attacker may similarly be able to cause a Kerberos or GSS application service to crash.
Clone Of:
Environment:
Last Closed: 2022-12-15 17:18:35 UTC
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:8654 0 None None None 2022-11-28 15:45:18 UTC
Red Hat Product Errata RHBA-2022:8655 0 None None None 2022-11-28 15:45:45 UTC
Red Hat Product Errata RHBA-2022:8659 0 None None None 2022-11-28 18:27:35 UTC
Red Hat Product Errata RHBA-2022:8664 0 None None None 2022-11-29 08:51:00 UTC
Red Hat Product Errata RHBA-2022:8665 0 None None None 2022-11-29 08:58:18 UTC
Red Hat Product Errata RHBA-2022:8666 0 None None None 2022-11-29 09:02:17 UTC
Red Hat Product Errata RHBA-2022:8668 0 None None None 2022-11-29 12:25:36 UTC
Red Hat Product Errata RHBA-2022:8687 0 None None None 2022-11-29 14:12:26 UTC
Red Hat Product Errata RHBA-2022:8693 0 None None None 2022-11-29 21:58:40 UTC
Red Hat Product Errata RHBA-2022:8708 0 None None None 2022-11-30 13:41:24 UTC
Red Hat Product Errata RHBA-2022:8710 0 None None None 2022-11-30 14:06:53 UTC
Red Hat Product Errata RHBA-2022:8717 0 None None None 2022-11-30 23:22:28 UTC
Red Hat Product Errata RHBA-2022:8718 0 None None None 2022-11-30 23:22:02 UTC
Red Hat Product Errata RHBA-2022:8720 0 None None None 2022-12-01 01:30:45 UTC
Red Hat Product Errata RHBA-2022:8721 0 None None None 2022-12-01 01:31:06 UTC
Red Hat Product Errata RHBA-2022:8722 0 None None None 2022-12-01 01:37:22 UTC
Red Hat Product Errata RHBA-2022:8723 0 None None None 2022-12-01 01:38:38 UTC
Red Hat Product Errata RHBA-2022:8724 0 None None None 2022-12-01 01:44:27 UTC
Red Hat Product Errata RHBA-2022:8725 0 None None None 2022-12-01 01:45:31 UTC
Red Hat Product Errata RHBA-2022:8726 0 None None None 2022-12-01 01:46:32 UTC
Red Hat Product Errata RHBA-2022:8727 0 None None None 2022-12-01 01:51:44 UTC
Red Hat Product Errata RHBA-2022:8728 0 None None None 2022-12-01 01:53:08 UTC
Red Hat Product Errata RHBA-2022:8729 0 None None None 2022-12-01 01:53:56 UTC
Red Hat Product Errata RHBA-2022:8730 0 None None None 2022-12-01 01:58:03 UTC
Red Hat Product Errata RHBA-2022:8731 0 None None None 2022-12-01 06:10:43 UTC
Red Hat Product Errata RHBA-2022:8732 0 None None None 2022-12-01 06:10:53 UTC
Red Hat Product Errata RHBA-2022:8733 0 None None None 2022-12-01 10:52:12 UTC
Red Hat Product Errata RHBA-2022:8734 0 None None None 2022-12-01 12:33:55 UTC
Red Hat Product Errata RHBA-2022:8737 0 None None None 2022-12-01 16:38:02 UTC
Red Hat Product Errata RHBA-2022:8739 0 None None None 2022-12-01 12:44:09 UTC
Red Hat Product Errata RHBA-2022:8743 0 None None None 2022-12-01 12:44:18 UTC
Red Hat Product Errata RHBA-2022:8744 0 None None None 2022-12-01 12:40:04 UTC
Red Hat Product Errata RHBA-2022:8745 0 None None None 2022-12-01 12:46:11 UTC
Red Hat Product Errata RHBA-2022:8746 0 None None None 2022-12-01 13:35:06 UTC
Red Hat Product Errata RHBA-2022:8747 0 None None None 2022-12-01 13:33:03 UTC
Red Hat Product Errata RHBA-2022:8748 0 None None None 2022-12-01 16:03:36 UTC
Red Hat Product Errata RHBA-2022:8749 0 None None None 2022-12-01 15:51:46 UTC
Red Hat Product Errata RHBA-2022:8752 0 None None None 2022-12-01 19:13:39 UTC
Red Hat Product Errata RHBA-2022:8753 0 None None None 2022-12-01 19:13:05 UTC
Red Hat Product Errata RHBA-2022:8754 0 None None None 2022-12-01 19:12:08 UTC
Red Hat Product Errata RHBA-2022:8755 0 None None None 2022-12-01 19:53:16 UTC
Red Hat Product Errata RHBA-2022:8756 0 None None None 2022-12-01 20:34:22 UTC
Red Hat Product Errata RHBA-2022:8757 0 None None None 2022-12-01 19:52:07 UTC
Red Hat Product Errata RHBA-2022:8758 0 None None None 2022-12-01 20:43:19 UTC
Red Hat Product Errata RHBA-2022:8759 0 None None None 2022-12-01 21:13:36 UTC
Red Hat Product Errata RHBA-2022:8763 0 None None None 2022-12-02 17:14:19 UTC
Red Hat Product Errata RHBA-2022:8764 0 None None None 2022-12-02 17:14:14 UTC
Red Hat Product Errata RHBA-2022:8773 0 None None None 2022-12-05 11:16:43 UTC
Red Hat Product Errata RHBA-2022:8774 0 None None None 2022-12-05 11:12:49 UTC
Red Hat Product Errata RHBA-2022:8775 0 None None None 2022-12-05 11:41:53 UTC
Red Hat Product Errata RHBA-2022:8776 0 None None None 2022-12-05 11:44:32 UTC
Red Hat Product Errata RHBA-2022:8779 0 None None None 2022-12-05 15:31:24 UTC
Red Hat Product Errata RHBA-2022:8823 0 None None None 2022-12-06 10:24:06 UTC
Red Hat Product Errata RHBA-2022:8837 0 None None None 2022-12-06 16:40:04 UTC
Red Hat Product Errata RHBA-2022:8839 0 None None None 2022-12-06 16:53:15 UTC
Red Hat Product Errata RHBA-2022:8875 0 None None None 2022-12-07 06:57:03 UTC
Red Hat Product Errata RHBA-2022:8878 0 None None None 2022-12-07 10:47:55 UTC
Red Hat Product Errata RHBA-2022:8879 0 None None None 2022-12-07 10:47:31 UTC
Red Hat Product Errata RHBA-2022:8885 0 None None None 2022-12-07 12:50:41 UTC
Red Hat Product Errata RHBA-2022:8901 0 None None None 2022-12-08 12:18:04 UTC
Red Hat Product Errata RHBA-2022:8930 0 None None None 2022-12-12 18:02:18 UTC
Red Hat Product Errata RHBA-2022:8968 0 None None None 2022-12-13 14:38:15 UTC
Red Hat Product Errata RHBA-2022:9015 0 None None None 2022-12-13 19:34:32 UTC
Red Hat Product Errata RHBA-2022:9022 0 None None None 2022-12-14 12:34:13 UTC
Red Hat Product Errata RHBA-2022:9024 0 None None None 2022-12-14 14:26:59 UTC
Red Hat Product Errata RHBA-2022:9025 0 None None None 2022-12-14 14:19:55 UTC
Red Hat Product Errata RHBA-2022:9031 0 None None None 2022-12-14 15:48:12 UTC
Red Hat Product Errata RHBA-2022:9048 0 None None None 2022-12-15 11:52:05 UTC
Red Hat Product Errata RHBA-2022:9052 0 None None None 2022-12-15 14:33:24 UTC
Red Hat Product Errata RHBA-2022:9095 0 None None None 2022-12-15 21:05:30 UTC
Red Hat Product Errata RHBA-2023:0011 0 None None None 2023-01-02 10:49:15 UTC
Red Hat Product Errata RHBA-2023:0174 0 None None None 2023-01-16 09:35:52 UTC
Red Hat Product Errata RHBA-2023:0488 0 None None None 2023-01-30 14:49:19 UTC
Red Hat Product Errata RHBA-2023:1071 0 None None None 2023-03-06 14:12:33 UTC
Red Hat Product Errata RHBA-2023:1072 0 None None None 2023-03-06 14:11:52 UTC
Red Hat Product Errata RHSA-2022:8637 0 None None None 2022-11-28 09:23:56 UTC
Red Hat Product Errata RHSA-2022:8638 0 None None None 2022-11-28 09:28:57 UTC
Red Hat Product Errata RHSA-2022:8639 0 None None None 2022-11-28 09:44:07 UTC
Red Hat Product Errata RHSA-2022:8640 0 None None None 2022-11-28 09:56:49 UTC
Red Hat Product Errata RHSA-2022:8641 0 None None None 2022-11-28 09:52:11 UTC
Red Hat Product Errata RHSA-2022:8648 0 None None None 2022-11-28 10:41:24 UTC
Red Hat Product Errata RHSA-2022:8662 0 None None None 2022-11-29 08:39:08 UTC
Red Hat Product Errata RHSA-2022:8663 0 None None None 2022-11-29 08:49:42 UTC
Red Hat Product Errata RHSA-2022:8669 0 None None None 2022-11-29 12:54:52 UTC
Red Hat Product Errata RHSA-2022:9029 0 None None None 2022-12-14 14:16:39 UTC

Description Sandipan Roy 2022-11-08 09:13:39 UTC
Three integer overflow vulnerabilities have been discovered in the MIT krb5 library function krb5_parse_pac().
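
The description above attributes the flaw to integer overflows in krb5_parse_pac(), and the Doc Text describes the consequence as a read beyond allocated memory. The following C program is an added illustration, not krb5 code and not the fix shipped in the errata listed on this page: it parses a PAC-like descriptor table and puts the wrapping additive bounds check (`offset + size <= len`) beside the subtraction form that cannot wrap. The layout (4-byte count, 4-byte version, then 16-byte type/size/offset entries) follows the MS-PAC shape but is a simplified stand-in assumed for illustration; the sample byte strings and the helper names are constructed here.

```c
/* Added example (not krb5 code): overflow-safe bounds checks for a
 * PAC-like table of buffer descriptors. The layout (4-byte count,
 * 4-byte version, then 16-byte entries of type/size/offset) follows the
 * MS-PAC shape but is a simplified stand-in assumed for illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAC_HDR_LEN  8u   /* cBuffers (4) + Version (4) */
#define PAC_INFO_LEN 16u  /* ulType (4) + cbBufferSize (4) + Offset (8) */

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static uint64_t le64(const uint8_t *p)
{
    return (uint64_t)le32(p) | (uint64_t)le32(p + 4) << 32;
}

/* Vulnerable pattern: the sum wraps when offset + size exceeds UINT32_MAX,
 * so an out-of-range descriptor can pass the comparison. */
bool unsafe_in_bounds(uint32_t offset, uint32_t size, uint32_t len)
{
    return offset + size <= len;
}

/* Safe pattern: compare against the remaining space instead of adding;
 * nothing can wrap because offset <= len is established first. */
bool safe_in_bounds(uint64_t offset, uint64_t size, size_t len)
{
    return offset <= len && size <= len - offset;
}

/* Validates every descriptor; returns the buffer count, or -1 if any
 * descriptor would reach outside the PAC or back into the header table. */
int parse_pac_table(const uint8_t *pac, size_t len)
{
    if (len < PAC_HDR_LEN)
        return -1;
    uint32_t nbuf = le32(pac);
    /* Divide rather than multiply so nbuf * PAC_INFO_LEN cannot overflow. */
    if (nbuf > (len - PAC_HDR_LEN) / PAC_INFO_LEN)
        return -1;
    size_t header_len = PAC_HDR_LEN + (size_t)nbuf * PAC_INFO_LEN;
    for (uint32_t i = 0; i < nbuf; i++) {
        const uint8_t *info = pac + PAC_HDR_LEN + (size_t)i * PAC_INFO_LEN;
        uint32_t size   = le32(info + 4);
        uint64_t offset = le64(info + 8);
        if (offset < header_len)              /* data must follow the table */
            return -1;
        if (!safe_in_bounds(offset, size, len))
            return -1;
    }
    return (int)nbuf;
}

/* Constructed sample: one 4-byte buffer at offset 24 in a 28-byte PAC. */
static const uint8_t pac_ok[28] = {
    1, 0, 0, 0,  0, 0, 0, 0,                /* cBuffers = 1, Version = 0 */
    1, 0, 0, 0,  4, 0, 0, 0,                /* ulType = 1, cbBufferSize = 4 */
    24, 0, 0, 0, 0, 0, 0, 0,                /* Offset = 24 */
    0xde, 0xad, 0xbe, 0xef                  /* buffer payload */
};

/* Constructed sample: Offset = 0xFFFFFFFC, cbBufferSize = 8, so that a
 * 32-bit offset + size wraps to 4 and an additive check would accept it. */
static const uint8_t pac_wrap[28] = {
    1, 0, 0, 0,  0, 0, 0, 0,
    1, 0, 0, 0,  8, 0, 0, 0,
    0xfc, 0xff, 0xff, 0xff, 0, 0, 0, 0,
    0xde, 0xad, 0xbe, 0xef
};

int  demo_valid(void)           { return parse_pac_table(pac_ok, sizeof pac_ok); }
int  demo_wrapping_offset(void) { return parse_pac_table(pac_wrap, sizeof pac_wrap); }
/* The additive check is fooled by the same descriptor (returns true). */
bool demo_unsafe_fooled(void)   { return unsafe_in_bounds(0xFFFFFFFCu, 8u, sizeof pac_wrap); }

int main(void)
{
    printf("valid PAC: %d buffer(s)\n", demo_valid());
    printf("wrapping offset: %d\n", demo_wrapping_offset());
    printf("additive check accepts wrapped descriptor: %s\n",
           demo_unsafe_fooled() ? "yes" : "no");
    return 0;
}
```

The point of the two checks sitting side by side is that the wrapped descriptor is rejected only by the subtraction form; the additive form accepts it and a subsequent read at that offset would run past the PAC. Whether a given release carries the real fix is answered by the errata links on this page and the Fixed In Version field, not by this illustration.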

Comment 4 Zack Miele 2022-11-15 19:31:19 UTC
Created krb5 tracking bugs for this issue:

Affects: fedora-35 [bug 2143009]
Affects: fedora-36 [bug 2143010]

Comment 5 Zack Miele 2022-11-15 19:33:21 UTC
Created krb5 tracking bugs for this issue:

Affects: fedora-37 [bug 2143011]

Comment 6 Sandipan Roy 2022-11-16 05:22:45 UTC
Created freeipa tracking bugs for this issue:

Affects: fedora-35 [bug 2143118]
Affects: fedora-36 [bug 2143119]
Affects: fedora-37 [bug 2143120]


Created samba tracking bugs for this issue:

Affects: fedora-35 [bug 2143115]
Affects: fedora-36 [bug 2143116]
Affects: fedora-37 [bug 2143117]

Comment 10 errata-xmlrpc 2022-11-28 09:23:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:8637 https://access.redhat.com/errata/RHSA-2022:8637

Comment 11 errata-xmlrpc 2022-11-28 09:28:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:8638 https://access.redhat.com/errata/RHSA-2022:8638

Comment 12 errata-xmlrpc 2022-11-28 09:44:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:8639 https://access.redhat.com/errata/RHSA-2022:8639

Comment 13 errata-xmlrpc 2022-11-28 09:52:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:8641 https://access.redhat.com/errata/RHSA-2022:8641

Comment 14 errata-xmlrpc 2022-11-28 09:56:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:8640 https://access.redhat.com/errata/RHSA-2022:8640

Comment 15 errata-xmlrpc 2022-11-28 10:41:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2022:8648 https://access.redhat.com/errata/RHSA-2022:8648

Comment 16 errata-xmlrpc 2022-11-29 08:39:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2022:8662 https://access.redhat.com/errata/RHSA-2022:8662

Comment 17 errata-xmlrpc 2022-11-29 08:49:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Extended Lifecycle Support

Via RHSA-2022:8663 https://access.redhat.com/errata/RHSA-2022:8663

Comment 18 errata-xmlrpc 2022-11-29 12:54:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2022:8669 https://access.redhat.com/errata/RHSA-2022:8669

Comment 19 errata-xmlrpc 2022-12-14 14:16:37 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

Via RHSA-2022:9029 https://access.redhat.com/errata/RHSA-2022:9029

Comment 20 Product Security DevOps Team 2022-12-15 17:18:31 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-42898

