10 matches found
AZL-35480 CVE-2024-26462 affecting package krb5 for versions less than 1.21.3-1
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c...
SUSE CVE-2015-2694
The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name,...
UBUNTU-CVE-2014-4342
MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session...
(krb5kdc): NULL pointer dereference in the TGS handling (MITKRB5-SA-2011-007)
The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the...
DEBIAN-CVE-2011-0282
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name...
krb5: KDC crash when using LDAP backend caused by a special principal name (MITKRB5-SA-2011-002)
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name...
krb5: incorrect acceptance of certain checksums (MITKRB5-SA-2010-007)
MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via...
DEBIAN-CVE-2010-0629
Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS). MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory...
Fedora Core 2 : krb5-1.3.3-7 (2004-150)
Bugs have been fixed in the krb5_aname_to_localname library function. Specifically, buffer overflows were possible for all Kerberos versions up to and including 1.3.3. The krb5_aname_to_localname function translates a Kerberos principal name to a local account name, typically a UNIX username. This...