CVE-2020-28196

HIGH

MIT Kerberos < 1.17.2 and 1.18.x < 1.18.3 - unbounded ASN.1 recursion (DoS)

Title source: llm

Description

MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.

References (14)

Mailing List, Third Party Advisory (mailing-list, x_refsource_mlist): https://lists.debian.org/debian-lts-announce/2020/11/msg00011.html
Third Party Advisory (vendor-advisory, x_refsource_gentoo): https://security.gentoo.org/glsa/202011-17
Third Party Advisory (vendor-advisory, x_refsource_debian): https://www.debian.org/security/2020/dsa-4795
Patch, Third Party Advisory (x_refsource_misc): https://www.oracle.com/security-alerts/cpuApr2021.html
Third Party Advisory (x_refsource_confirm): https://security.netapp.com/advisory/ntap-20210513-0002/
Third Party Advisory (x_refsource_confirm): https://security.netapp.com/advisory/ntap-20201202-0001/
Patch, Third Party Advisory (x_refsource_misc): https://www.oracle.com//security-alerts/cpujul2021.html
Patch, Third Party Advisory (x_refsource_misc): https://www.oracle.com/security-alerts/cpuapr2022.html

Scores

CVSS v3 7.5
EPSS 0.0129
EPSS Percentile 79.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-674
Status published
Products (11)
fedoraproject/fedora 31
mit/kerberos_5 < 1.17.2
netapp/active_iq_unified_manager (2 CPE variants)
netapp/cloud_backup
netapp/oncommand_insight
netapp/oncommand_workflow_automation
netapp/snapcenter
oracle/communications_cloud_native_core_policy 1.14.0
oracle/communications_offline_mediation_controller 12.0.0.3.0
oracle/communications_pricing_design_center 12.0.0.3.0
... and 1 more
Published Nov 06, 2020
Tracked Since Feb 18, 2026