CVE-2026-42483 - Vulnerability Details

A heap-based buffer overflow in the Kerberos hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted Kerberos hash file. The issue affects module_hash_decode in multiple Kerberos-related modules because account_info_len is calculated from untrusted delimiter positions without upper-bound validation before memcpy copies the data into a fixed-size account_info buffer.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

References

Link	Providers
https://gist.github.com/sgInnora/107f2eb20367e47d58c911e38d56a91f

History

Fri, 01 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		A heap-based buffer overflow in the Kerberos hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted Kerberos hash file. The issue affects module_hash_decode in multiple Kerberos-related modules because account_info_len is calculated from untrusted delimiter positions without upper-bound validation before memcpy copies the data into a fixed-size account_info buffer.
References		https://gist.github.com/sgInnora/107f2eb20367e47d58c911e38d56a91f

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-05-01T00:00:00.000Z

Updated: 2026-05-01T13:58:57.475Z

Reserved: 2026-04-27T00:00:00.000Z

Link: CVE-2026-42483

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-01T14:16:22.687

Modified: 2026-05-01T15:29:35.903

Link: CVE-2026-42483

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object