MIT krb5 vulnerabilities
124 known vulnerabilities affecting mit/krb5.
Total CVEs: 124
CISA KEV: 0
Public exploits: 4
Exploited in wild: 2
Severity breakdown: CRITICAL 30 | HIGH 32 | MEDIUM 53 | LOW 9
Vulnerabilities
Page 2 of 7
CVE-2019-14844 | P3 | HIGH | CVSS 7.5 | CWE-628 | Version: Fedora versions of krb5 from 1.16.1 up to and including 1.17.x | Published 2019-09-26
A flaw was found in Fedora versions of krb5 from 1.16.1 up to and including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC.
Source: nvd
CVE-2012-1015 | P3 | CRITICAL | CVSS 9.3 | Range: ≥ 0, < 1.10.1+dfsg-2 | Published 2012-08-06
The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute arbitrary code or cause a denial of servic
Source: osv
CVE-2007-4000 | P3 | HIGH | CVSS 8.5 | Range: ≥ 0, < 1.6.dfsg.1-7 | Published 2007-09-05
The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an unin
Source: osv
CVE-2016-3119 | P3 | MEDIUM | CVSS 5.3 | Range: ≥ 0, < 1.14.2+dfsg-1 | Published 2016-03-26
The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
Source: osv
CVE-2009-4212 | P3 | CRITICAL | CVSS 10.0 | Range: ≥ 0, < 1.8+dfsg~alpha1-1 | Published 2010-01-13
Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too sho
Source: osv
CVE-2021-36222 | P3 | HIGH | CVSS 7.5 | Range: ≥ 0, < 1.16-2ubuntu0.4; ≥ 0, < 1.17-6ubuntu4.3 | Published 2023-03-16
krb5 vulnerabilities
It was discovered that Kerberos incorrectly handled memory when processing KDC data, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service or have other unspecified impacts. (CVE-2021-36222, CVE-2021-37750)
Source: osv
CVE-2008-0062 | P3 | CRITICAL | CVSS 9.8 | Range: ≥ 0, < 1.6.dfsg.3~beta1-4 | Published 2008-03-19
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
Source: osv
CVE-2009-0846 | P3 | CRITICAL | CVSS 10.0 | Range: ≥ 0, < 1.6.dfsg.4~beta1-13 | Published 2009-04-09
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.
Source: osv
CVE-2005-1175 | P3 | HIGH | CVSS 7.5 | Range: ≥ 0, < 1.3.6-4 | Published 2005-07-18
Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain valid TCP or UDP request.
Source: osv
CVE-2014-4343 | P3 | HIGH | CVSS 7.6 | Range: ≥ 0, < 1.12.1+dfsg-5 | Published 2014-08-14
Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intend
Source: osv
CVE-2017-11462 | P3 | CRITICAL | CVSS 9.8 | Range: ≥ 0, < 1.15.2-1 | Published 2017-09-13
Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.
Source: osv
CVE-2007-4743 | P3 | CRITICAL | CVSS 10.0 | Range: ≥ 0, < 1.6.dfsg.1-7 | Published 2007-09-06
The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack.
Source: osv
CVE-2011-0284 | P3 | HIGH | CVSS 7.6 | Range: ≥ 0, < 1.8.3+dfsg-6 | Published 2011-03-20
Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an e_data field containing typed data.
Source: osv
CVE-2012-1014 | P3 | CRITICAL | CVSS 9.0 | Range: ≥ 0, < 1.10.1+dfsg-2 | Published 2012-08-06
The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a malformed AS-REQ request.
Source: osv
CVE-2017-7562 | P3 | MEDIUM | CVSS 6.5 | CWE-287 | Version: 1.16.1 | Published 2018-07-26
An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.
Source: nvd
CVE-2008-0948 | P3 | CRITICAL | CVSS 9.3 | Range: ≥ 0, < 1.3-1 | Published 2008-03-19
Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors.
Source: osv
CVE-2005-1689 | P3 | CRITICAL | CVSS 9.8 | Range: ≥ 0, < 1.3.6-4 | Published 2005-07-18
Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.
Source: osv
CVE-2020-28196 | P3 | HIGH | CVSS 7.5 | Range: ≥ 0, < 1.18.3-1 | Published 2020-11-06
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.
Source: osv
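The recursion hazard behind CVE-2020-28196 comes from how BER indefinite lengths work: a constructed element whose length byte is 0x80 carries no byte count, so a decoder has to recurse into children until it meets an end-of-contents marker, and every "30 80" pair an attacker appends costs one more stack frame. The block below is an added example, not krb5's decoder: a minimal BER walker in C that handles short, long and indefinite lengths and refuses nesting beyond BER_MAX_DEPTH. The limit of 8 is an assumption for the example (the page does not state the value krb5 chose), and the test inputs are constructed here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BER_MAX_DEPTH 8  /* assumed limit for this example; krb5's value is not on the page */
enum ber_status { BER_OK = 0, BER_TRUNCATED = -1, BER_BAD_ENCODING = -2, BER_TOO_DEEP = -3 };

/* Walk one BER element at buf[0..len). Constructed elements (tag bit 0x20) recurse into
 * their children. An indefinite length (second byte 0x80) carries no byte count, so the
 * walker must recurse until it meets an end-of-contents marker (00 00). Without the depth
 * check on the first line, repeated "30 80" pairs recurse once per pair (CVE-2020-28196). */
static int ber_walk(const uint8_t *buf, size_t len, unsigned depth,
                    size_t *consumed, unsigned *deepest)
{
    if (depth > BER_MAX_DEPTH) return BER_TOO_DEEP;
    if (len < 2) return BER_TRUNCATED;
    if (depth > *deepest) *deepest = depth;
    int constructed = (buf[0] & 0x20) != 0;
    uint8_t lb = buf[1];
    size_t pos = 2, clen, end;

    if (lb == 0x80) {                                   /* indefinite length */
        if (!constructed) return BER_BAD_ENCODING;      /* primitives need a definite length */
        for (;;) {
            if (len - pos < 2) return BER_TRUNCATED;    /* no room for a child or an EOC */
            if (buf[pos] == 0x00 && buf[pos + 1] == 0x00) { pos += 2; break; }  /* EOC */
            size_t child = 0;
            int rc = ber_walk(buf + pos, len - pos, depth + 1, &child, deepest);
            if (rc != BER_OK) return rc;
            pos += child;
        }
        *consumed = pos;
        return BER_OK;
    }
    if (lb < 0x80) {                                    /* short definite form */
        clen = lb;
    } else {                                            /* long definite form: 0x8n, n length bytes */
        unsigned n = lb & 0x7f;
        if (n == 0 || n > sizeof(size_t) || len - pos < n) return BER_BAD_ENCODING;
        for (clen = 0; n > 0; n--) clen = (clen << 8) | buf[pos++];
    }
    if (len - pos < clen) return BER_TRUNCATED;
    end = pos + clen;
    if (constructed) {
        while (pos < end) {                             /* children stay inside the parent */
            size_t child = 0;
            int rc = ber_walk(buf + pos, end - pos, depth + 1, &child, deepest);
            if (rc != BER_OK) return rc;
            pos += child;
        }
    } else {
        pos = end;                                      /* primitive: skip the content bytes */
    }
    *consumed = pos;
    return BER_OK;
}

/* Parse a whole message: one top-level element that consumes every input byte. */
int ber_parse_message(const uint8_t *buf, size_t len, unsigned *deepest)
{
    size_t used = 0; unsigned d = 0;
    int rc = ber_walk(buf, len, 0, &used, &d);
    if (deepest) *deepest = d;
    return (rc == BER_OK && used != len) ? BER_BAD_ENCODING : rc;
}

/* Constructed input: `nesting` indefinite-length SEQUENCEs, each inside the previous
 * one (30 80 ... 30 80 00 00 ... 00 00), the shape an attacker's message would take. */
int parse_nested_indefinite(unsigned nesting, unsigned *deepest)
{
    uint8_t msg[512];
    size_t p = 0;
    if (nesting == 0 || 4u * nesting > sizeof msg) return BER_BAD_ENCODING;
    for (unsigned i = 0; i < nesting; i++) { msg[p++] = 0x30; msg[p++] = 0x80; }
    for (unsigned i = 0; i < nesting; i++) { msg[p++] = 0x00; msg[p++] = 0x00; }
    return ber_parse_message(msg, p, deepest);
}

/* Deepest level visited (outermost element is level 0) for a given nesting count. */
unsigned deepest_for_nesting(unsigned nesting)
{
    unsigned d = 0; parse_nested_indefinite(nesting, &d); return d;
}

/* Constructed definite-length input, SEQUENCE { INTEGER 5 }, and the same SEQUENCE
 * opened with an indefinite length but never closed with an EOC. */
int parse_definite_sequence(void)
{
    static const uint8_t msg[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };
    return ber_parse_message(msg, sizeof msg, NULL);
}
int parse_unterminated_indefinite(void)
{
    static const uint8_t msg[] = { 0x30, 0x80, 0x02, 0x01, 0x05 };
    return ber_parse_message(msg, sizeof msg, NULL);
}

int main(void)
{
    printf("4 nested: rc=%d deepest=%u\n", parse_nested_indefinite(4, NULL), deepest_for_nesting(4));
    printf("64 nested: rc=%d (BER_TOO_DEEP=%d)\n", parse_nested_indefinite(64, NULL), BER_TOO_DEEP);
    printf("definite: rc=%d  unterminated: rc=%d\n", parse_definite_sequence(), parse_unterminated_indefinite());
    return 0;
}
```

With the check in place, a 64-deep message is rejected with BER_TOO_DEEP after visiting BER_MAX_DEPTH levels instead of costing one stack frame per "30 80" pair; delete that first line of ber_walk and the same input walks the full 64 levels, which is the unbounded behaviour the advisory describes. Kerberos messages are DER, and DER forbids indefinite lengths, so a decoder that only needs DER can reject a 0x80 length byte outright; the listing notes krb5's decoder supports BER indefinite lengths, which is why it needed a limit. A decoder that must accept legitimately deep structures can replace the recursion with an explicit stack, turning the bound into an allocation limit rather than a stack overflow.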
CVE-2007-5902 | P3 | CRITICAL | CVSS 10.0 | Range: ≥ 0, < 1.6.dfsg.4~beta1-1 | Published 2007-12-06
Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request.
Source: osv
CVE-2005-0469 | P3 | HIGH | CVSS 7.5 | Range: ≥ 0, < 1.3.6-2 | Published 2005-05-02
Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands.
Source: osv