cbcvebase.
CVE-2014-5354
published 2014-12-16


Priority: P4 (16)
CVSS 2.0: 3.5 (low)
CVSS 2.0 vector: AV:N/AC:M/Au:S/C:N/I:N/A:P
EPSS: 1.74% (74.9th percentile)
plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin "add_principal -nokey" or "purgekeys -all" command.

Affected

10 ranges

Vendor   Product      Version range                            Fixed in
debian   krb5         < krb5 1.12.1+dfsg-16 (bookworm)         krb5 1.12.1+dfsg-16 (bookworm)
mit      kerberos     (not specified)                          (not specified)
mit      kerberos_5   (not specified)                          (not specified)
mit      kerberos_5   (not specified)                          (not specified)
mit      kerberos_5   (not specified)                          (not specified)
mit      krb5         >= 0, < 1.12.1+dfsg-16                   1.12.1+dfsg-16
mit      krb5         >= 0, < 1.12.1+dfsg-16                   1.12.1+dfsg-16
mit      krb5         >= 0, < 1.12.1+dfsg-16                   1.12.1+dfsg-16
mit      krb5         >= 0, < 1.12.1+dfsg-16                   1.12.1+dfsg-16
mit      krb5         >= 0, < 1.12+dfsg-2ubuntu5.1             1.12+dfsg-2ubuntu5.1

CVSS provenance

Source          CVSS version   Score   Severity   Vector
nvd             v2.0           3.5     LOW        AV:N/AC:M/Au:S/C:N/I:N/A:P
osv                            3.5     LOW
vendor_debian                  3.5     LOW
vendor_redhat                  3.5     LOW
vendor_ubuntu                  2.1     LOW