Kerberos 5@1.10.2 Security Vulnerabilities and Issues — Kerberos 5@1.10.2 CVE List

Lucene search

MitKerberos 51.10.2

10 matches found

CVE•added 2014/08/14 5:1 a.m.•126 views

CVE-2014-4344

The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain poin...

7.8CVSS6.3AI score0.06988EPSS

CVE•added 2014/07/20 11:12 a.m.•120 views

CVE-2014-4342

MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.

5CVSS8.8AI score0.07306EPSS

CVE•added 2016/03/26 1:59 a.m.•114 views

CVE-2016-3119

The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer deref...

5.3CVSS5.3AI score0.05717EPSS

CVE•added 2017/08/09 6:29 p.m.•113 views

CVE-2017-11368

In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.

6.5CVSS6.4AI score0.00307EPSS

CVE•added 2015/02/20 11:59 a.m.•110 views

CVE-2014-5355

MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of...

5CVSS6.5AI score0.03587EPSS

CVE•added 2014/08/14 5:1 a.m.•87 views

CVE-2014-4343

Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via net...

7.6CVSS7.8AI score0.07384EPSS

CVE•added 2014/08/14 5:1 a.m.•75 views

CVE-2014-4345

Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buff...

8.5CVSS9.2AI score0.05664EPSS

CVE•added 2013/11/18 2:55 a.m.•70 views

CVE-2013-6800

An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request, a different vulnerability than CVE-2013-1418.

4CVSS6AI score0.0586EPSS

CVE•added 2012/08/06 4:55 p.m.•69 views

CVE-2012-1014

The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbi...

9CVSS7.8AI score0.01844EPSS

CVE•added 2012/08/06 4:55 p.m.•62 views

CVE-2012-1015

The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to exe...

9.3CVSS7.6AI score0.03103EPSS