MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.
{
"unresolved_ranges": [
{
"extracted_events": [
{
"fixed": "1.17.2"
}
],
"cpes": [
"cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*"
],
"vendor_product": "mit:kerberos_5",
"source": "CPE_RANGE"
},
{
"extracted_events": [
{
"introduced": "31"
},
{
"last_affected": "31"
}
],
"source": "CPE_STRING",
"vendor_product": "fedoraproject:fedora",
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"introduced": "1.14.0"
},
{
"last_affected": "1.14.0"
}
],
"cpes": [
"cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"vendor_product": "oracle:communications_cloud_native_core_policy"
},
{
"extracted_events": [
{
"introduced": "12.0.0.3.0"
},
{
"last_affected": "12.0.0.3.0"
}
],
"vendor_product": "oracle:communications_offline_mediation_controller",
"cpes": [
"cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*"
],
"source": "CPE_STRING"
},
{
"extracted_events": [
{
"introduced": "12.0.0.3.0"
},
{
"last_affected": "12.0.0.3.0"
}
],
"vendor_product": "oracle:communications_pricing_design_center",
"cpes": [
"cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*"
],
"source": "CPE_STRING"
}
]
}{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "1.17.2"
},
{
"introduced": "1.18.0"
},
{
"fixed": "1.18.3"
}
],
"cpe": "cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*",
"source": [
"CPE_RANGE",
"REFERENCES"
]
}{
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "8.0.23"
}
],
"cpe": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"source": "CPE_RANGE"
}