CVE-2021-36222
Published: 2021-07-22
Priority: P3 · 43 · high · CVSS 3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 10.28% (95.1th percentile)
ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | krb5 | < krb5 1.18.3-6 (bookworm) | krb5 1.18.3-6 (bookworm) |
| mit | kerberos_5 | < 1.18.4 | 1.18.4 |
| mit | kerberos_5 | >= 1.19.0 < 1.19.2 | 1.19.2 |
| mit | krb5 | >= 0 < 1.18.3-6 | 1.18.3-6 |
| mit | krb5 | >= 0 < 1.18.3-6 | 1.18.3-6 |
| mit | krb5 | >= 0 < 1.18.3-6 | 1.18.3-6 |
| mit | krb5 | >= 0 < 1.18.3-6 | 1.18.3-6 |
| mit | krb5 | >= 0 < 1.16-2ubuntu0.4 | 1.16-2ubuntu0.4 |
| mit | krb5 | >= 0 < 1.17-6ubuntu4.3 | 1.17-6ubuntu4.3 |
| msrc | cbl2_krb5_1.19.2-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_krb5_1.18.4-1_on_cbl_mariner_1.0 | — | — |
| oracle | mysql_server | 8.0.0 – 8.0.26 | — |
CVSS provenance
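| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_msrc | — | 7.5 | HIGH | — |
| vendor_oracle | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 7.5 | HIGH | — |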
OSV
krb5 vulnerabilities
osv·2023-03-16·CVSS 7.5
CVE-2021-36222 [HIGH] krb5 vulnerabilities
It was discovered that Kerberos incorrectly handled memory when processing
KDC data, which could lead to a NULL pointer dereference. An attacker could
possibly use this issue to cause a denial of service or have other
unspecified impacts. (CVE-2021-36222, CVE-2021-37750)
GHSA
GHSA-7gwg-3h62-pwf5: ec_verify in kdc/kdc_preauth_ec
ghsa_unreviewed·2022-05-24
CVE-2021-36222 [HIGH] CWE-476 GHSA-7gwg-3h62-pwf5: ec_verify in kdc/kdc_preauth_ec
ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.
OSV
CVE-2021-36222: ec_verify in kdc/kdc_preauth_ec
osv·2021-07-22·CVSS 7.5
CVE-2021-36222 [HIGH] CVE-2021-36222: ec_verify in kdc/kdc_preauth_ec
ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.
Ubuntu
Kerberos vulnerabilities
vendor_ubuntu·2023-03-16·CVSS 7.5
CVE-2021-36222 [HIGH] Kerberos vulnerabilities
Title: Kerberos vulnerabilities
Summary: Several security issues were fixed in Kerberos.
It was discovered that Kerberos incorrectly handled memory when processing
KDC data, which could lead to a NULL pointer dereference. An attacker could
possibly use this issue to cause a denial of service or have other
unspecified impacts. (CVE-2021-36222, CVE-2021-37750)
Instructions: In general, a standard system update will make all the necessary changes.
Oracle
Oracle MySQL Risk Matrix: Server: Compiling (Kerberos) — CVE-2021-36222
vendor_oracle·2021-10-15·CVSS 7.5
CVE-2021-36222 [HIGH] Oracle MySQL Risk Matrix: Server: Compiling (Kerberos) — CVE-2021-36222
Oracle MySQL Risk Matrix: Server: Compiling (Kerberos) vulnerability
CVE: CVE-2021-36222
CVSS: 7.5
Protocol: MySQL Protocol
Remote exploit: Yes
Affected versions: Network
Advisory: cpuoct2021 (OCT 2021)
Microsoft
vendor_msrc·2021-07-13·CVSS 7.5
CVE-2021-36222 [HIGH] CWE-476
ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this
Red Hat
krb5: Sending a request containing PA-ENCRYPTED-CHALLENGE padata element without using FAST could result in NULL dereference in KDC which leads to DoS
vendor_redhat·2021-07-12·CVSS 7.5
CVE-2021-36222 [HIGH] CWE-476 krb5: Sending a request containing PA-ENCRYPTED-CHALLENGE padata element without using FAST could result in NULL dereference in KDC which leads to DoS
ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.
A flaw was found in krb5. This flaw allows an unauthenticated attacker to cause a NULL dereference in the KDC by sending a request containing a PA-ENCRYPTED-CHALLENGE padata element without using FAST. The highest threat from this vulnerability is to system availability.
Package: krb5 (Red Hat Enterprise Linux 7) - Out of support scope
Package
Debian
CVE-2021-36222: krb5 - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Ke...
vendor_debian·2021·CVSS 7.5
CVE-2021-36222 [HIGH] CVE-2021-36222: krb5 - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Ke...
ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.
Scope: local
bookworm: resolved (fixed in 1.18.3-6)
bullseye: resolved (fixed in 1.18.3-6)
forky: resolved (fixed in 1.18.3-6)
sid: resolved (fixed in 1.18.3-6)
trixie: resolved (fixed in 1.18.3-6)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562
https://github.com/krb5/krb5/releases
https://security.netapp.com/advisory/ntap-20211022-0003/
https://security.netapp.com/advisory/ntap-20211104-0007/
https://web.mit.edu/kerberos/advisories/
https://www.debian.org/security/2021/dsa-4944
https://www.oracle.com/security-alerts/cpuoct2021.html