Security Advisory

CVE-2020-28196

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-11-06 07:07:38

Last updated 2025-12-03 18:15:34

Assigner mitre

State PUBLISHED

Description

MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.

← Browse all CVEs View on cve.org ↗