CVE-2014-4341

CWE-125 — Out-of-bounds Read CWE-1309 documents8 sources

Severity

5.0MEDIUM

EPSS

14.5%

top 5.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

MIT Kerberos 5 Debian Debian Linux Fedoraproject Fedora +7 more

Timeline

PublishedJul 20

Latest updateMay 13

Description

MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

▶NVDmit/kerberos_5< 1.12.2

▶Debiankrb5< 1.12.1+dfsg-4+3

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

▶NVDredhat/enterprise_linux_workstation7.0

Also affects: Debian Linux 7.0, Fedora 20, Enterprise Linux 7.3, 7.4, 7.5, 7.6, 7.7

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-qq5g-rggx-4f8p: MIT Kerberos 5 (aka krb5) before 1↗2022-05-13

▶

OSV

CVE-2014-4341: MIT Kerberos 5 (aka krb5) before 1↗2014-07-20

▶

CVEList

CVE-2014-4341: MIT Kerberos 5 (aka krb5) before 1↗2014-07-20

▶

📋Vendor Advisories

Ubuntu

Kerberos vulnerabilities↗2014-08-11

▶

Red Hat

krb5: denial of service flaws when handling padding length longer than the plaintext↗2014-06-26

▶

Debian

CVE-2014-4341: krb5 - MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denia...↗2014

▶

💬Community

Bugzilla

CVE-2014-4342 CVE-2014-4341 krb5: denial of service flaws when handling RFC 1964 tokens [fedora-all]↗2014-07-04

▶

Bugzilla

CVE-2014-4341 krb5: denial of service flaws when handling padding length longer than the plaintext↗2014-07-04

▶