Vulnerabilities > CVE-2021-36222 - NULL Pointer Dereference vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
mit
debian
netapp
oracle
CWE-476

Summary

ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.

Vulnerable Configurations

Part Description Count
Application
Mit
133
Application
Netapp
5
Application
Oracle
8
OS
Debian
1

Common Weakness Enumeration (CWE)