CVSS2: 10 High

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.121 Low (Percentile 95.3%)

Multiple integer underflows in the (1) AES and (2) RC4 decryption
functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3
through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a
denial of service (daemon crash) or possibly execute arbitrary code by
providing ciphertext with a length that is too short to be valid.
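
The class of bug described above, as an added C example that is not krb5's own code: subtracting fixed overhead from an unsigned ciphertext length wraps around when the input is too short, and the guard is a minimum-length check before any subtraction. The struct, the function names and the sizes (modelled on the RFC 3962 AES enctypes) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed sizes, modelled on the RFC 3962 AES enctypes: a 16-byte confounder
 * is encrypted with the plaintext and a 12-byte truncated HMAC follows. */
#define CONFOUNDER_LEN 16u
#define HMAC_LEN       12u
#define MIN_CIPHER_LEN (CONFOUNDER_LEN + HMAC_LEN)

struct ct_parts {            /* hypothetical view into the input buffer */
    const uint8_t *enc;      /* encrypted confounder + plaintext */
    size_t enc_len;
    const uint8_t *mac;      /* trailing HMAC */
    size_t plain_len;        /* enc_len minus the confounder */
};

/* Unchecked pattern: size_t arithmetic wraps when cipher_len is below the
 * fixed overhead, so later code sees an enormous "plaintext length". */
size_t plain_len_unchecked(size_t cipher_len)
{
    return cipher_len - HMAC_LEN - CONFOUNDER_LEN;
}

/* Checked pattern: validate the length before any subtraction.
 * Returns 0 on success, -1 if the input is too short to be valid. */
int split_ciphertext(const uint8_t *in, size_t in_len, struct ct_parts *out)
{
    if (in == NULL || out == NULL || in_len < MIN_CIPHER_LEN)
        return -1;
    out->enc = in;
    out->enc_len = in_len - HMAC_LEN;
    out->mac = in + out->enc_len;
    out->plain_len = out->enc_len - CONFOUNDER_LEN;
    return 0;
}

int main(void)
{
    static const uint8_t buf[64] = {0};      /* constructed input */
    size_t lens[] = { 0, 10, 27, 28, 64 };   /* constructed lengths */
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        struct ct_parts p;
        printf("len=%2zu unchecked=%zu checked=%s\n", lens[i],
               plain_len_unchecked(lens[i]),
               split_ciphertext(buf, lens[i], &p) ? "rejected" : "accepted");
    }
    return 0;
}
```
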

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | krb5 | < 1.4.3-5ubuntu0.10 | UNKNOWN |
ubuntu | 8.04 | noarch | krb5 | < 1.6.dfsg.3~beta1-2ubuntu1.3 | UNKNOWN |
ubuntu | 8.10 | noarch | krb5 | < 1.6.dfsg.4~beta1-3ubuntu0.3 | UNKNOWN |
ubuntu | 9.04 | noarch | krb5 | < 1.6.dfsg.4~beta1-5ubuntu2.2 | UNKNOWN |
ubuntu | 9.10 | noarch | krb5 | < 1.7dfsg~beta3-1ubuntu0.3 | UNKNOWN |