CVE-2020-10595

Name: CVE-2020-10595
Creator: NVD / NIST
Published: 2020-03-31T13:15:13.13+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 4.78%

Last modified Jun 17, 2026

CVE-2020-10595 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a single '\0' byte if an attacker responds to a prompt with an answer of a carefully chosen length. EPSS estimates a 4.78% chance of exploitation in the next 30 days.

Description

pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a single '\0' byte if an attacker responds to a prompt with an answer of a carefully chosen length. The effect may range from heap corruption to stack corruption depending on the structure of the underlying Kerberos library, with unknown effects but possibly including code execution. This code path is not used for normal authentication, but only when the Kerberos library does supplemental prompting, such as with PKINIT or when using the non-standard no_prompt PAM configuration option.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

4.78%

90.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-120

Affected Software

Vendor	Product	Versions
Pam-Krb5 Project	Pam-Krb5	< 4.9
Debian	Debian Linux	8.0
Debian	Debian Linux	9.0
Debian	Debian Linux	10.0

References

http://www.openwall.com/lists/oss-security/2020/03/31/1Mailing List, Patch, Third Party Advisory
https://github.com/rra/pam-krb5/commit/e7879e27a37119fad4faf133a9f70bdcdc75d760Patch, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/04/msg00000.htmlMailing List, Third Party Advisory
https://usn.ubuntu.com/4314-1/
https://www.debian.org/security/2020/dsa-4648Third Party Advisory
https://www.eyrie.org/~eagle/software/pam-krb5/security/2020-03-30.html
http://www.openwall.com/lists/oss-security/2020/03/31/1Mailing List, Patch, Third Party Advisory
https://github.com/rra/pam-krb5/commit/e7879e27a37119fad4faf133a9f70bdcdc75d760Patch, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/04/msg00000.htmlMailing List, Third Party Advisory
https://usn.ubuntu.com/4314-1/
https://www.debian.org/security/2020/dsa-4648Third Party Advisory
https://www.eyrie.org/~eagle/software/pam-krb5/security/2020-03-30.html

Timeline

Published: Mar 31, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-10595?

How severe is CVE-2020-10595?

CVE-2020-10595 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 4.78% probability of exploitation in the next 30 days.

How do I fix CVE-2020-10595?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-10595?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST