CVE-2014-4342 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Kerberos

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125 — Out-of-bounds Read CWE-476 — NULL Pointer Dereference10 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

8.1%

top 7.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

MIT Krb5 Debian Linux MIT Kerberos +5 more

Timeline

PublishedJul 20

Latest updateMay 13

Description

MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages7 packages

▶Debianmit/krb5< 1.12.1+dfsg-4+3

▶NVDmit/kerberos4 versions+3

▶NVDmit/kerberos_526 versions+25

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

Also affects: Debian Linux 7.0

Patches

Patch: www.oracle.com ↗Patch: github.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-734c-f6jq-56f9: MIT Kerberos 5 (aka krb5) 1↗2022-05-13

▶

OSV

CVE-2014-4342: MIT Kerberos 5 (aka krb5) 1↗2014-07-20

▶

CVEList

CVE-2014-4342: MIT Kerberos 5 (aka krb5) 1↗2014-07-20

▶

📋Vendor Advisories

Ubuntu

Kerberos vulnerabilities↗2014-08-11

▶

Red Hat

krb5: denial of service flaws when handling RFC 1964 tokens↗2014-06-26

▶

Debian

CVE-2014-4342: krb5 - MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attac...↗2014

▶

💬Community

Bugzilla

CVE-2014-4342 krb5: denial of service flaws when handling RFC 1964 tokens↗2014-07-17

▶

Bugzilla

CVE-2014-4342 CVE-2014-4341 krb5: denial of service flaws when handling RFC 1964 tokens [fedora-all]↗2014-07-04

▶