CVE-2026-42483 — CRITICAL (9.8)

Vulnerability Description

A heap-based buffer overflow in the Kerberos hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted Kerberos hash file. The issue affects module_hash_decode in multiple Kerberos-related modules because account_info_len is calculated from untrusted delimiter positions without upper-bound validation before memcpy copies the data into a fixed-size account_info buffer.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Hashcat	Hashcat	7.1.2

Related Weaknesses (CWE)

CWE-122 CWE-787

References

https://gist.github.com/sgInnora/107f2eb20367e47d58c911e38d56a91fExploitMitigationThird Party Advisory
https://gist.github.com/sgInnora/107f2eb20367e47d58c911e38d56a91fExploitMitigationThird Party Advisory

FAQ

What is CVE-2026-42483?

CVE-2026-42483 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A heap-based buffer overflow in the Kerberos hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted Kerberos hash file. The issu...

How severe is CVE-2026-42483?

CVE-2026-42483 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2026-42483?

Check the references section above for vendor advisories and patch information. Affected products include: Hashcat Hashcat.