GCVE-VVD-MAGEIA-2021-22

Advisory Published

Vulnetix · Advisory published February 8, 2021

MIT Kerberos 5 (aka krb5) before 1.17.2 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit (CVE-2020-28196).

Download JSON Open in Console

Affected Products

Vendor	Product	Versions	Platforms
Mageia	pcmanfm	0 (affected), 1.3.1-3.git20190224.1.1.mga7 (unaffected)	—
Mageia	krb5	0 (affected), 1.17-2.1.mga7 (unaffected), 0 (affected), 1.17-2.1.mga7 (unaffected)	—