
MIT Krb5 vulnerabilities

124 known vulnerabilities affecting mit/krb5.

Total CVEs: 124
CISA KEV: 0
Public exploits: 4
Exploited in wild: 2
Severity breakdown: CRITICAL 30, HIGH 32, MEDIUM 53, LOW 9

Vulnerabilities

Page 1 of 7
CVE-2011-4862 | P1 | CRITICAL | CVSS 10.0 | Exploited | PoC | ≥ 0, < 1.8+dfsg~aa+r23527-1 | 2011-12-25
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
osv
CVE-2002-1235 | P2 | CRITICAL | CVSS 10.0 | Exploited | ≥ 0, < 1.2.6-2 | 2002-11-04
The kadm_ser_in function in (1) the Kerberos v4 compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the lengt
osv
CVE-2011-0285 | P2 | CRITICAL | CVSS 10.0 | PoC | ≥ 0, < 1.9.1+dfsg-1 | 2011-04-15
The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.
osv
CVE-2005-0468 | P3 | HIGH | CVSS 7.5 | PoC | ≥ 0, < 1.3.6-2 | 2005-05-02
Heap-based buffer overflow in the env_opt_add function in telnet.c for various BSD-based Telnet clients allows remote attackers to execute arbitrary code via responses that contain a large number of characters that require escaping, which consumes more memory than allocated.
osv
CVE-2007-0956 | P3 | CRITICAL | CVSS 10.0 | ≥ 0, < 1.4.4-8 | 2007-04-06
The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.
osv
CVE-2002-0391 | P3 | CRITICAL | CVSS 9.8 | ≥ 0, < 1.2.5-2 | 2002-08-12
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.
osv
CVE-2022-42898 | P3 | HIGH | CVSS 8.8 | ≥ 0, < 1.18.3-6+deb11u3 | ≥ 0, < 1.20.1-1 | 2022-12-25
PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar
osv
CVE-2007-3999 | P3 | CRITICAL | CVSS 10.0 | ≥ 0, < 1.6.dfsg.1-7 | 2007-09-05
Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execu
osv
CVE-2017-15088 | P3 | CRITICAL | CVSS 9.8 | ≥ 0, < 1.15.2-2 | 2017-11-23
plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only
osv
CVE-2010-1320 | P4 | MEDIUM | CVSS 4.0 | PoC | ≥ 0, < 1.8.1+dfsg-2 | 2010-04-22
Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation.
osv
CVE-2024-37371 | P3 | CRITICAL | CVSS 9.1 | ≥ 0, < 1.18.3-6+deb11u5 | ≥ 0, < 1.20.1-2+deb12u2 | +1 more | 2024-06-28
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
osv
CVE-2007-2442 | P3 | CRITICAL | CVSS 10.0 | ≥ 0, < 1.6.dfsg.1-5 | 2007-06-26
The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.
osv
CVE-2014-4345 | P3 | HIGH | CVSS 8.5 | ≥ 0, < 1.12.1+dfsg-7 | 2014-08-14
Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a serie
osv
CVE-2008-0947 | P3 | CRITICAL | CVSS 10.0 | ≥ 0, < 1.6.dfsg.3~beta1-4 | 2008-03-19
Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.
osv
CVE-2007-0957 | P3 | CRITICAL | CVSS 9.0 | ≥ 0, < 1.4.4-8 | 2007-04-06
Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted a
osv
CVE-2014-5352 | P3 | CRITICAL | CVSS 9.0 | ≥ 0, < 1.12.1+dfsg-17 | 2015-02-19
The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon
osv
CVE-2007-1216 | P3 | CRITICAL | CVSS 9.0 | ≥ 0, < 1.4.4-8 | 2007-04-06
Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an "an invalid direction en
osv
CVE-2004-0523 | P3 | CRITICAL | CVSS 10.0 | ≥ 0, < 1.3.3-2 | 2004-08-18
Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.
osv
CVE-2007-2798 | P3 | CRITICAL | CVSS 9.0 | ≥ 0, < 1.6.dfsg.1-5 | 2007-06-26
Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.
osv
CVE-2014-9421 | P3 | CRITICAL | CVSS 9.0 | ≥ 0, < 1.12.1+dfsg-17 | 2015-02-19
The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as
osv
MIT Krb5 vulnerabilities | cvebase