CVE-2010-0283 — Improper Input Validation in Kerberos

CWE-20 — Improper Input Validation CWE-617 — Reachable Assertion9 documents8 sources

Severity

7.8HIGHNVD

EPSS

3.7%

top 11.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

MIT Krb5 MIT Kerberos MIT Kerberos 5

Timeline

PublishedFeb 22

Latest updateMay 2

Description

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages3 packages

▶Debianmit/krb5< 1.8+dfsg~alpha1-7+3

▶NVDmit/kerberos5-1.8

▶NVDmit/kerberos_51.7, 1.7.1+1

🔴Vulnerability Details

GHSA

GHSA-jwfx-h8qj-v94c: The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1↗2022-05-02

▶

OSV

CVE-2010-0283: The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1↗2010-02-22

▶

CVEList

CVE-2010-0283: The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1↗2010-02-21

▶

📋Vendor Advisories

Red Hat

kernel: possible kernel oops from user MSS↗2010-11-10

▶

Ubuntu

Kerberos vulnerabilities↗2010-03-23

▶

Red Hat

krb5 KDC denial of service↗2010-02-16

▶

Debian

CVE-2010-0283: krb5 - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2,...↗2010

▶

💬Community

Bugzilla

CVE-2010-0283 krb5 KDC denial of service↗2010-01-19

▶