DNA View

Critical Severity Vulnerability

This vulnerability has been rated as Critical severity. Immediate action is recommended.

CVE-2026-42483

Critical

Low Medium High Critical

9.8

CVSS Score

Published: May 01, 2026

Last Modified: May 01, 2026

CWE: CWE-787

Vulnerability Description

A heap-based buffer overflow in the Kerberos hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted Kerberos hash file. The issue affects module_hash_decode in multiple Kerberos-related modules because account_info_len is calculated from untrusted delimiter positions without upper-bound validation before memcpy copies the data into a fixed-size account_info buffer.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Known Affected Software

1 configuration(s) from 1 vendor(s)

hashcat

Version:

7.1.2

CPE:

cpe:2.3:a:hashcat:hashcat:7.1.2:*:*:*:*:*:*:*

This vulnerability affects 1 software configuration(s). Ensure you patch all affected systems.

Available Security Patches

1 patch available from vendors

View All Patches

SUSE

CVE-2026-42483

Severity

Unknown

Released

May 04, 2026

Security Update

View Details Vendor Page

Browse All Security Patches

References & Resources

Severity Details

9.8

out of 10.0

Critical

Weakness Type (CWE)

CWE-787 Top 25 #2

Out-of-bounds Write

Description: The product writes data past the end, or before the beginning, of the intended buffer.
Exploit Likelihood: High
Typical Severity: High
Abstraction Level: Base