History: Dec 16, 2014 - 11:59 p.m.

CVE-2014-5354

2014-12-16 23:59:00
NVD-CWE-Other
web.nvd.nist.gov
29
cve-2014-5354
mit kerberos 5
ldap
plugin
null pointer dereference
dos
nvd

AI Score: 6.1 Medium (Confidence: Low)

CVSS2: 3.5 Low

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

EPSS: 0.009 Low (Percentile: 82.2%)

plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin “add_principal -nokey” or “purgekeys -all” command.
