{"id":"CVE-2018-20217","details":"A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.","modified":"2026-03-20T11:24:45.519330Z","published":"2018-12-26T21:29:02.543Z","related":["MGASA-2019-0028","SUSE-SU-2019:0111-1","SUSE-SU-2019:0113-1","SUSE-SU-2019:0113-2","openSUSE-SU-2019:0063-1","openSUSE-SU-2024:11549-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2KNHELH4YHNT6H2ESJWX2UIDXLBNGB2O/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20190416-0006/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html"},{"type":"FIX","url":"http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763"},{"type":"FIX","url":"https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/krb5/krb5","events":[{"introduced":"0"},{"fixed":"97e3c42b2a89a2ec60eb93d3f974769e3e3cbdc5"},{"fixed":"5e6d1796106df8ba6bc1973ee0917c170d929086"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.17"}]}}],"versions":["krb5-1.17-beta1","krb5-1.17-beta2"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"5-1.17"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"vanir_signatures":[{"target":{"file":"src/kdc/kdc_util.c","function":"kdc_process_s4u2self_req"},"deprecated":false,"signature_type":"Function","source":"https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086","signature_version":"v1","id":"CVE-2018-20217-2b9be4ce","digest":{"function_hash":"281632458950095218231934864773643278513","length":2237}},{"target":{"file":"src/lib/krb5/krb/s4u_creds.c","function":"s4u_identify_user"},"deprecated":false,"signature_type":"Function","source":"https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086","signature_version":"v1","id":"CVE-2018-20217-9deb1157","digest":{"function_hash":"22009747526011531247411191432701765815","length":1519}},{"target":{"file":"src/kdc/kdc_util.c"},"deprecated":false,"signature_type":"Line","source":"https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086","signature_version":"v1","id":"CVE-2018-20217-b4599e87","digest":{"threshold":0.9,"line_hashes":["275169878082459207433134400309769904522","325437437607260974550496749957866301197","211459628144645672959958375863273568099"]}},{"target":{"file":"src/lib/krb5/krb/s4u_creds.c"},"deprecated":false,"signature_type":"Line","source":"https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086","signature_version":"v1","id":"CVE-2018-20217-e4d34f09","digest":{"threshold":0.9,"line_hashes":["128921040204504305593903249595158023063","204304021945698355911099436541501299156","253680059342113239776293698208297650928","35772295698068732454334995534124366979"]}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-20217.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}