CVE-2002-0036Kerberos 5 vulnerability

5 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
19.0%
top 4.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
MIT Kerberos 5
Timeline
PublishedFeb 19
Latest updateApr 30

Description

Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDmit/kerberos_54 versions+3

Patches

Patch: web.mit.eduPatch: www.kb.cert.orgPatch: web.mit.edu

🔴Vulnerability Details

2
GHSA
GHSA-4hr3-85ww-cj5w: Integer signedness error in MIT Kerberos V5 ASN2022-04-30
CVEList
CVE-2002-0036: Integer signedness error in MIT Kerberos V5 ASN2004-09-01

📋Vendor Advisories

1
Red Hat
security flaw2003-01-29

💬Community

1
Bugzilla
CVE-2002-0036 security flaw2018-08-16
CVE-2002-0036 — MIT Kerberos 5 vulnerability | cvebase