]> git.ipfire.org Git - thirdparty/krb5.git/commit
projects / thirdparty / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 04c2b74) | patch
Add recursion limit for ASN.1 indefinite lengths
authorGreg Hudson <ghudson@mit.edu>
Sat, 31 Oct 2020 21:07:05 +0000 (17:07 -0400)
committerGreg Hudson <ghudson@mit.edu>
Tue, 3 Nov 2020 20:20:25 +0000 (15:20 -0500)
commit57415dda6cf04e73ffc3723be518eddfae599bfd
treefcbaa63545dca1e31bb76e8352e45f980ac19964tree
parent04c2b7415d62913845f31dc5b0d4051291e4d6d4commit | diff
Add recursion limit for ASN.1 indefinite lengths

The libkrb5 ASN.1 decoder supports BER indefinite lengths.  It
computes the tag length using recursion; the lack of a recursion limit
allows an attacker to overrun the stack and cause the process to
crash.  Reported by Demi Obenour.

CVE-2020-28196:

In MIT krb5 releases 1.11 and later, an unauthenticated attacker can
cause a denial of service for any client or server to which it can
send an ASN.1-encoded Kerberos message of sufficient length.

ticket: 8959 (new)
tags: pullup
target_version: 1.18-next
target_version: 1.17-next
src/lib/krb5/asn.1/asn1_encode.c diff | blob | blame | history
Mirror of https://github.com/krb5/krb5.git