CVE-2013-1418: NULL Pointer Dereference in Kerberos 5

Severity: 4.3 MEDIUM (NVD)
EPSS: 7.7% (top 8.08%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 18; Latest update May 13

Description

The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.

CVSS vector

AV:N/AC:M/C:N/I:N/A:P
Exploitability: 8.6 | Impact: 2.9

Affected Packages (3 packages)

NVD: mit/kerberos_5 < 1.10.7
Debian: mit/krb5 < 1.11.3+dfsg-3+nmu1 (+3)
NVD: opensuse/opensuse, 4 versions (+3)

Also affects: Debian Linux 7.0

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-gfmf-37px-c964: The setup_server_realm function in main (2022-05-13)
OSV: CVE-2013-1418: The setup_server_realm function in main (2013-11-18)
CVEList: CVE-2013-1418: The setup_server_realm function in main (2013-11-16)

📋 Vendor Advisories (4)

Ubuntu: Kerberos vulnerabilities (2014-08-11)
Red Hat: krb5: multi-realm KDC null dereference leads to crash (2013-11-04)
Red Hat: krb5: KDC remote DoS (NULL pointer dereference and daemon crash) (2013-11-04)
Debian: CVE-2013-1418: krb5 - The setup_server_realm function in main.c in the Key Distribution Center (KDC) i... (2013)

💬 Community (2)

Bugzilla: CVE-2013-1418 krb5: multi-realm KDC null dereference leads to crash [fedora-all] (2013-11-05)
Bugzilla: CVE-2013-1418 krb5: multi-realm KDC null dereference leads to crash (2013-11-05)