CVE-2010-0433Improper Input Validation in Openssl

CWE-20Improper Input ValidationCWE-122Heap-based Buffer OverflowCWE-193Off-by-one Error11 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
17.3%
top 4.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
OpensslDebian OpensslVmware Esxi+4 more
Timeline
PublishedMar 5
Latest updateMay 2

Description

The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages7 packages

NVDopenssl/openssl0.9.8m+13
vmwarevmware/esxi

🔴Vulnerability Details

1
GHSA
GHSA-5gv7-x3p9-2mf6: The kssl_keytab_is_available function in ssl/kssl2022-05-02

📋Vendor Advisories

5
Red Hat
t1lib: off-by-one errors in token and linetoken2011-03-04
VMware
Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX2011-02-10
Red Hat
t1lib: Heap-based buffer overflow DVI file AFM font parser2011-01-30
Red Hat
openssl: crash caused by a missing krb5_sname_to_principal() return value check2010-01-19
Debian
CVE-2010-0433: openssl - The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, wh...2010

💬Community

3
Bugzilla
CVE-2011-5244 t1lib: off-by-one errors in token and linetoken2012-11-20
Bugzilla
CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 t1lib various flaws [fedora-all]2012-01-10
Bugzilla
CVE-2010-0433 openssl: crash caused by a missing krb5_sname_to_principal() return value check2010-03-02