MIT Kerberos 5 vulnerabilities
135 known vulnerabilities affecting mit/kerberos_5.
Total CVEs: 135
CISA KEV: 0
Public exploits: 5
Exploited in wild: 2
Severity breakdown: CRITICAL 32, HIGH 35, MEDIUM 58, LOW 10
Vulnerabilities
Page 2 of 7
CVE-2014-9421 | P3 | CRITICAL | CVSS 9.0 | v1.11, v1.11.1 +8 more | 2015-02-19
The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbit
nvd
CVE-2019-14844 | P3 | HIGH | CWE-628 | CVSS 7.5 | ≥ 1.16.1, ≤ 1.17.1 | 2019-09-26
A flaw was found in Fedora versions of krb5 from 1.16.1 up to and including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC.
nvd
CVE-2012-1015 | P3 | CRITICAL | CWE-20 | CVSS 9.3 | v1.8, v1.8.1 +9 more | 2012-08-06
The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute arbitrary code or cause a denial of service (uni
nvd
CVE-2007-4000 | P3 | HIGH | CWE-824 | CVSS 8.5 | ≥ 1.5, ≤ 1.6.2 | 2007-09-05
The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified
nvd
CVE-2016-3119 | P3 | MEDIUM | CVSS 5.3 | v1.0, v1.0.6 +67 more | 2016-03-26
The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a pri
nvd
CVE-2009-4212 | P3 | CRITICAL | CWE-189 | CVSS 10.0 | v1.3, v1.3.1 +18 more | 2010-01-13
Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.
nvd
CVE-2021-36222 | P3 | HIGH | CWE-476 | CVSS 7.5 | fixed in 1.18.4; ≥ 1.19.0, < 1.19.2 | 2021-07-22
ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.
nvd
CVE-2008-0062 | P3 | CRITICAL | CWE-665 | CVSS 9.8 | ≤ 1.6.3 | 2008-03-19
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
nvd
CVE-2009-0846 | P3 | CRITICAL | CWE-824 | CVSS 10.0 | fixed in 1.6.4 | 2009-04-09
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.
nvd
CVE-2005-1175 | P3 | HIGH | CVSS 7.5 | v1.3, v1.3.1 +7 more | 2005-07-18
Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain valid TCP or UDP request.
nvd
CVE-2014-4343 | P3 | HIGH | CWE-415 | CVSS 7.6 | v1.10, v1.10.1 +11 more | 2014-08-14
Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended accep
nvd
CVE-2017-11462 | P3 | CRITICAL | CWE-415 | CVSS 9.8 | v1.14, v1.14.1 +6 more | 2017-09-13
Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.
nvd
CVE-2007-4743 | P3 | CRITICAL | CVSS 10.0 | v1.4, v1.4.1 +10 more | 2007-09-06
The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffe
nvd
CVE-2011-0284 | P3 | HIGH | CWE-399 | CVSS 7.6 | v1.7, v1.7.1 +5 more | 2011-03-20
Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an e_data field containing typed data.
nvd
CVE-2012-1014 | P3 | CRITICAL | CVSS 9.0 | v1.10, v1.10.1 +1 more | 2012-08-06
The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a malformed AS-REQ request.
nvd
CVE-2017-7562 | P3 | MEDIUM | CWE-287 | CVSS 6.5 | ≥ 1.0, < 1.16.1 | 2018-07-26
An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.
nvd
CVE-2008-0948 | P3 | CRITICAL | CWE-119 | CVSS 9.3 | v1.2.2 | 2008-03-19
Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering
nvd
CVE-2005-1689 | P3 | CRITICAL | CWE-415 | CVSS 9.8 | ≤ 1.4.1 | 2005-07-18
Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.
nvd
CVE-2020-28196 | P3 | HIGH | CWE-674 | CVSS 7.5 | fixed in 1.17.2; ≥ 1.18.0, < 1.18.3 | 2020-11-06
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.
nvd
CVE-2000-0390 | P3 | CRITICAL | CVSS 10.0 | v1.0, v1.1.1 | 2000-05-16
Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges.
nvd