Kerberos 5 Security Vulnerabilities and Issues — Kerberos 5 CVE List

Lucene search

MitKerberos 5

17 matches found

CVE•added 2017/11/23 5:29 p.m.•151 views

CVE-2017-15088

plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 ...

9.8CVSS9.8AI score0.0399EPSS

CVE•added 2024/06/28 11:15 p.m.•149 views

CVE-2024-37371

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.

9.1CVSS6.9AI score0.00725EPSS

CVE•added 2017/09/13 4:29 p.m.•93 views

CVE-2017-11462

Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.

9.8CVSS6.9AI score0.00642EPSS

CVE•added 2015/02/19 11:59 a.m.•89 views

CVE-2014-9421

The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free ...

9CVSS8.8AI score0.03849EPSS

CVE•added 2007/04/06 1:19 a.m.•81 views

CVE-2007-1216

Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary co...

9CVSS9.3AI score0.11518EPSS

CVE•added 2015/02/19 11:59 a.m.•79 views

CVE-2014-5352

The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated us...

9CVSS8.9AI score0.04801EPSS

CVE•added 2004/10/20 4:0 a.m.•76 views

CVE-2004-0772

Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.

9.8CVSS9.9AI score0.21769EPSS

CVE•added 2008/03/19 10:44 a.m.•75 views

CVE-2008-0062

KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.

9.8CVSS9.8AI score0.07232EPSS

CVE•added 2007/06/26 10:30 p.m.•73 views

CVE-2007-2798

Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.

9CVSS9.4AI score0.1489EPSS

CVE•added 2007/04/06 1:19 a.m.•72 views

CVE-2007-0957

Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via...

9CVSS9.6AI score0.13223EPSS

CVE•added 2012/08/06 4:55 p.m.•69 views

CVE-2012-1014

The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbi...

9CVSS7.8AI score0.01844EPSS

CVE•added 2012/08/06 4:55 p.m.•62 views

CVE-2012-1015

The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to exe...

9.3CVSS7.6AI score0.03103EPSS

CVE•added 2005/07/18 4:0 a.m.•60 views

CVE-2005-1689

Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.

9.8CVSS9.7AI score0.55203EPSS

CVE•added 2008/03/19 12:44 a.m.•55 views

CVE-2008-0948

Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (cras...

9.3CVSS9.7AI score0.3489EPSS

CVE•added 2007/01/10 12:0 a.m.•52 views

CVE-2006-6143

The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possi...

9.3CVSS7.5AI score0.28213EPSS

CVE•added 2007/12/06 2:46 a.m.•48 views

CVE-2007-5972

Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must have privileges to sto...

9CVSS6.2AI score0.01689EPSS

CVE•added 2007/12/06 2:46 a.m.•46 views

CVE-2007-5894

The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the uninitial...

9.3CVSS9.1AI score0.02245EPSS