CVE-2014-5355 — NULL Pointer Dereference in Kerberos 5

CWE-476 — NULL Pointer Dereference10 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

9.4%

top 7.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

MIT Krb5 MIT Kerberos 5

Timeline

PublishedFeb 20

Latest updateMay 13

Description

MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debianmit/krb5< 1.12.1+dfsg-18+3

▶NVDmit/kerberos_559 versions+58

🔴Vulnerability Details

GHSA

GHSA-cmh6-3x5j-qf2g: MIT Kerberos 5 (aka krb5) through 1↗2022-05-13

▶

OSV

krb5 vulnerabilities↗2015-11-12

▶

CVEList

CVE-2014-5355: MIT Kerberos 5 (aka krb5) through 1↗2015-02-20

▶

OSV

CVE-2014-5355: MIT Kerberos 5 (aka krb5) through 1↗2015-02-20

▶

📋Vendor Advisories

Ubuntu

Kerberos vulnerabilities↗2015-11-12

▶

Red Hat

krb5: unauthenticated denial of service in recvauth_common() and others↗2014-12-09

▶

Debian

CVE-2014-5355: krb5 - MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_me...↗2014

▶

💬Community

Bugzilla

CVE-2014-5355 krb5: unauthenticated denial of service in recvauth_common() and others [fedora-all]↗2015-03-11

▶

Bugzilla

CVE-2014-5355 krb5: unauthenticated denial of service in recvauth_common() and others↗2015-02-18

▶