{"id":"CVE-2020-28196","details":"MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.","modified":"2026-04-16T04:37:41.705862615Z","published":"2020-11-06T08:15:13.860Z","related":["SUSE-SU-2020:3375-1","SUSE-SU-2020:3377-1","SUSE-SU-2020:3379-1","openSUSE-SU-2020:2037-1","openSUSE-SU-2020:2062-1","openSUSE-SU-2024:11549-1"],"references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/73IGOG6CZAVMVNS4GGRMOLOZ7B6QVA7F/"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/45KKOZQWIIIW5C45PJVGQ32AXBSYNBE7/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPH2V3WSQTELROZK3GFCPQDOFLKIZ6H5/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20201202-0001/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4795"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202011-17"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210513-0002/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00011.html"},{"type":"FIX","url":"https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd"},{"type":"FIX","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/krb5/krb5","events":[{"introduced":"0"},{"fixed":"3fae84d40dc6367f94a1d1c8f9846a1f1873abb5"},{"introduced":"0"},{"fixed":"4d6a54bca820327a339051853d0716f74985238c"},{"fixed":"57415dda6cf04e73ffc3723be518eddfae599bfd"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.17.2"},{"introduced":"1.18.0"},{"fixed":"1.18.3"}]}},{"type":"GIT","repo":"https://github.com/mysql/mysql-server","events":[{"introduced":"0"},{"last_affected":"7ed30a748964c009d4909cb8b4b22036ebdef239"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"8.0.23"}]}}],"versions":["kfw-4.2-beta1","kfw-4.2-beta1-mit","krb5-1.17-beta1","krb5-1.17-beta2","krb5-1.17-final","krb5-1.17.1-final","krb5-1.18-beta1","krb5-1.18-beta2","krb5-1.18-final","krb5-1.18.1-final","krb5-1.18.2-final","mysql-3.23.22-beta","mysql-3.23.28-gamma","mysql-3.23.30-gamma","mysql-3.23.31","mysql-3.23.32","mysql-3.23.33","mysql-3.23.36","mysql-4.0.2","mysql-4.0.4","mysql-5.1.4","mysql-8.0.23","mysql-cluster-8.0.23"],"database_specific":{"vanir_signatures_modified":"2026-04-11T16:25:17Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"31"}]},{"events":[{"introduced":"0"},{"last_affected":"1.14.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.0.0.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.0.0.3.0"}]}],"vanir_signatures":[{"deprecated":false,"digest":{"line_hashes":["82004413599074258995082300997859384277","95514533372883996870744119677761171591","256781595708548989705620904801224709789","278010137863133208867295668046764927658","23956022074200509683341350576803350327","190335139486536940044550308909496061835","169798344457330923474986025653426785038","32325356854271996720022701572692771778","52300159344737788490623129516453239447","186806524128379503509081764593343790184","243105010521653262774947389972205187455","63857117114616130914474771310684033647","199417454384241800826523717220571858480","30188149857417280810981412035781190927","267333555597311098053677739621321070589","150664080048655905756414456523591557682","255842828104875388391352603696648059168","305807793871677643555867443063607059033","49554595789120067555647948590810355974","304164243049172345599539357550429498714","276706774358412251743588505323921817969","319507010322596304432716532824188812522","187716112151959876914627128883343721908","171454353741844590700493061918404597125","208766693756104307864784200706611949598","308593154605976333657788096751535266174","67281110818822095509633258637472998374","301293672693294295426252448147416371342","157004517731995025953302795540372074819","232470601004856172972759924748522063383","313693152712755249157226542960713384796"],"threshold":0.9},"target":{"file":"src/lib/krb5/asn.1/asn1_encode.c"},"signature_version":"v1","source":"https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd","id":"CVE-2020-28196-02fe0993","signature_type":"Line"},{"deprecated":false,"digest":{"function_hash":"57529091313606092540209127447220814768","length":1810},"target":{"file":"src/lib/krb5/asn.1/asn1_encode.c","function":"get_tag"},"signature_version":"v1","source":"https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd","id":"CVE-2020-28196-16e73268","signature_type":"Function"},{"deprecated":false,"digest":{"function_hash":"99529815593991416643313083110453829191","length":411},"target":{"function":"k5_asn1_full_decode","file":"src/lib/krb5/asn.1/asn1_encode.c"},"signature_version":"v1","source":"https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd","id":"CVE-2020-28196-4d4662e1","signature_type":"Function"},{"deprecated":false,"digest":{"function_hash":"80648222733855492235361015376819548722","length":2735},"target":{"function":"decode_atype","file":"src/lib/krb5/asn.1/asn1_encode.c"},"signature_version":"v1","source":"https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd","id":"CVE-2020-28196-506ea3b4","signature_type":"Function"},{"deprecated":false,"digest":{"function_hash":"13140286987635898525301114047538986872","length":1035},"target":{"function":"decode_sequence","file":"src/lib/krb5/asn.1/asn1_encode.c"},"signature_version":"v1","source":"https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd","id":"CVE-2020-28196-a9330910","signature_type":"Function"},{"deprecated":false,"digest":{"function_hash":"86798477443948831184784418331358588910","length":858},"target":{"function":"decode_sequence_of","file":"src/lib/krb5/asn.1/asn1_encode.c"},"signature_version":"v1","source":"https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd","id":"CVE-2020-28196-cfa23556","signature_type":"Function"},{"source":"https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd","digest":{"function_hash":"41481169286020098270889005944300769622","length":341},"target":{"function":"split_der","file":"src/lib/krb5/asn.1/asn1_encode.c"},"signature_version":"v1","deprecated":false,"id":"CVE-2020-28196-faaa6393","signature_type":"Function"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-28196.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}