CVE-2013-6800: NULL Pointer Dereference in Kerberos

Severity: 4.0 MEDIUM (NVD); CNA 4.3; OSV 4.3
EPSS: 0.8% (top 26.48%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Nov 18
Latest update: May 13

Description

An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request, a different vulnerability than CVE-2013-1418.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 8.0 | Impact: 2.9

Affected Packages (3 packages)

Ubuntu: mit/krb5 < 1.12+dfsg-2ubuntu4
NVD: mit/kerberos 5-1.10.5, 5-1.10.6, 5-1.10.7 +2
NVD: mit/kerberos_5, 5 versions +4

Patches

Vulnerability Details (3)

GHSA (2022-05-13): GHSA-f64v-2v58-4rrx: An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1
OSV (2013-11-17): CVE-2013-6800: An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1
CVEList (2013-11-16): CVE-2013-6800: An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1

Vendor Advisories (2)

Ubuntu (2014-08-11): Kerberos vulnerabilities
Red Hat (2013-11-04): krb5: KDC remote DoS (NULL pointer dereference and daemon crash)

Community (2)

Bugzilla (2013-11-18): CVE-2013-6800 krb5: KDC remote DoS (NULL pointer dereference and daemon crash) [fedora-all]
Bugzilla (2013-11-18): CVE-2013-6800 krb5: KDC remote DoS (NULL pointer dereference and daemon crash)