CVE-2014-4341: MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid…

medium5CVSS 3.1

AVNACLAuNCNINAP

MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.

Affected

28 ranges· showing 25

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	krb5	< krb5 1.12.1+dfsg-4 (bookworm)	krb5 1.12.1+dfsg-4 (bookworm)
fedoraproject	fedora	—	—
mit	kerberos_5	< 1.12.2	1.12.2
mit	krb5	>= 0 < 1.12.1+dfsg-4	1.12.1+dfsg-4
mit	krb5	>= 0 < 1.12.1+dfsg-4	1.12.1+dfsg-4
mit	krb5	>= 0 < 1.12.1+dfsg-4	1.12.1+dfsg-4
mit	krb5	>= 0 < 1.12.1+dfsg-4	1.12.1+dfsg-4
mit	krb5	>= 0 < 1.12+dfsg-2ubuntu4.2	1.12+dfsg-2ubuntu4.2
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_tus	—	—

CVSS provenance

nvd5.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P

osv5.0MEDIUM