[krbdev.mit.edu #8959] git commit
Greg Hudson via RT
rt at krbdev.mit.edu
Tue Nov 3 16:55:13 EST 2020
<URL: https://mv-ezproxy-com.ezproxyberklee.flo.org/rt/Ticket/Display.html?id=8959 >
Add recursion limit for ASN.1 indefinite lengths

The libkrb5 ASN.1 decoder supports BER indefinite lengths. It
computes the tag length using recursion; the lack of a recursion limit
allows an attacker to overrun the stack and cause the process to
crash. Reported by Demi Obenour.

In MIT krb5 releases 1.11 and later, an unauthenticated attacker can
cause a denial of service for any client or server to which it can
send an ASN.1-encoded Kerberos message of sufficient length.

(cherry picked from commit 57415dda6cf04e73ffc3723be518eddfae599bfd)

Author: Greg Hudson <ghudson at mit.edu>
Commit: 9239fa1d0124bdf3c78c20eb70873e3af2baabb1
Branch: krb5-1.17

src/lib/krb5/asn.1/asn1_encode.c | 16 +++++++++-------
1 files changed, 9 insertions(+), 7 deletions(-)
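
The technique the commit message describes, sketched as an added example (not the krb5 source and not part of the original message): a BER element with an indefinite length has to be sized by walking its children until the end-of-contents octets, and a depth counter bounds that recursion. The names `ber_element_size`, `build_nested` and the limit `MAX_DEPTH` of 32 are assumptions made for this sketch, and only single-byte tags are handled.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_DEPTH 32   /* assumed limit for this example, not taken from the page */

/* Return the full encoded size of the BER element at p (header, contents,
 * end-of-contents octets), or -1 if malformed, truncated or nested too deeply. */
static long ber_element_size(const unsigned char *p, size_t avail, int depth)
{
    size_t pos = 2, len = 0, n;
    if (depth >= MAX_DEPTH) return -1;           /* the bound on recursion */
    if (avail < 2 || (p[0] & 0x1f) == 0x1f) return -1;  /* multi-byte tag: unsupported */
    if (p[1] == 0x80) {                          /* indefinite length */
        if (!(p[0] & 0x20)) return -1;           /* only valid when constructed */
        for (;;) {                               /* walk children up to 00 00 */
            long sub;
            if (avail - pos < 2) return -1;
            if (p[pos] == 0 && p[pos + 1] == 0) return (long)(pos + 2);
            sub = ber_element_size(p + pos, avail - pos, depth + 1);
            if (sub < 0) return -1;
            pos += (size_t)sub;
        }
    }
    if (p[1] < 0x80) {                           /* short definite form */
        len = p[1];
    } else {                                     /* long definite form */
        n = p[1] & 0x7f;
        if (n > sizeof(size_t) || n > avail - 2) return -1;
        for (; n > 0; n--)
            len = (len << 8) | p[pos++];
    }
    return len > avail - pos ? -1 : (long)(pos + len);
}

/* Constructed sample input: `levels` nested indefinite-length SEQUENCEs. */
static size_t build_nested(unsigned char *buf, size_t levels)
{
    for (size_t i = 0; i < levels; i++) { buf[2*i] = 0x30; buf[2*i + 1] = 0x80; }
    memset(buf + 2 * levels, 0, 2 * levels);     /* one 00 00 terminator per level */
    return 4 * levels;
}

int main(void)
{
    unsigned char buf[4 * 64];
    printf("32 levels: %ld\n", ber_element_size(buf, build_nested(buf, 32), 0));
    printf("33 levels: %ld\n", ber_element_size(buf, build_nested(buf, 33), 0));
    return 0;
}
```

Each nesting level costs only four input bytes, so without the depth check the stack depth is proportional to the message length.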