MIT krb5 vulnerabilities
124 known vulnerabilities affecting mit/krb5.
Total CVEs: 124
CISA KEV: 0
Public exploits: 4
Exploited in wild: 2
Severity breakdown: CRITICAL 30, HIGH 32, MEDIUM 53, LOW 9
Vulnerabilities
CVE-2025-3576 | P4 | MEDIUM | CVSS 5.9 | ≥ 0, < 1.18.3-6+deb11u7; ≥ 0, < 1.20.1-2+deb12u4; +1 more | 2025-04-15
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unau
osv
CVE-2016-3120 | P4 | MEDIUM | CVSS 6.5 | ≥ 0, < 1.14.3+dfsg-1 | 2016-08-01
The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.
osv
CVE-2017-11368 | P4 | MEDIUM | CVSS 6.5 | ≥ 0, < 1.15.1-2 | 2017-08-09
In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.
osv
CVE-2021-37750 | P4 | MEDIUM | CVSS 6.5 | ≥ 0, < 1.18.3-6+deb11u1; ≥ 0, < 1.18.3-7 | 2021-08-23
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.
osv
CVE-2010-1321 | P4 | MEDIUM | CVSS 6.8 | ≥ 0, < 1.8.1+dfsg-3 | 2010-05-19
The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's che
osv
CVE-2015-2696 | P4 | HIGH | CVSS 7.1 | ≥ 0, < 1.13.2+dfsg-3 | 2015-11-09
lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.
osv
CVE-2007-5894 | P4 | CRITICAL | CVSS 9.3 | ≥ 0, < 1.6.dfsg.4~beta1-1 | 2007-12-06
The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the uninitialized variable is used. NOTE: the vendor disputes this issue, stating " The 'length' variable is only uninitialized if 'auth_type' is n
osv
CVE-2010-0283 | P4 | HIGH | CVSS 7.8 | ≥ 0, < 1.8+dfsg~alpha1-7 | 2010-02-22
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.
osv
CVE-2015-8631 | P4 | MEDIUM | CVSS 6.5 | ≥ 0, < 1.13.2+dfsg-5 | 2016-02-13
Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
osv
CVE-2008-0063 | P4 | HIGH | CVSS 7.5 | ≥ 0, < 1.6.dfsg.3~beta1-4 | 2008-03-19
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
osv
CVE-2002-2443 | P4 | MEDIUM | CVSS 5.0 | ≥ 0, < 1.10.1+dfsg-6 | 2013-05-29
schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.
osv
CVE-2018-5710 | P4 | MEDIUM | CVSS 6.5 | ≥ 0, < 1.16.1-1 | 2018-01-16
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.
osv
CVE-2005-0488 | P4 | MEDIUM | CVSS 5.0 | ≥ 0, < 1.8.3+dfsg-4 | 2005-06-14
Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
osv
CVE-2003-0138 | P4 | HIGH | CVSS 7.5 | ≥ 0, < 1.2.7-3 | 2003-03-24
Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.
osv
CVE-2015-2695 | P4 | MEDIUM | CVSS 5.0 | ≥ 0, < 1.13.2+dfsg-3 | 2015-11-09
lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.
osv
CVE-2004-1189 | P4 | HIGH | CVSS 7.2 | ≥ 0, < 1.3.6-1 | 2004-12-31
The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow authenticated users to execute arbitrary code via a heap-based buffer overflow.
osv
CVE-2006-3083 | P4 | HIGH | CVSS 7.2 | ≥ 0, < 1.4.3-9 | 2006-08-09
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.
osv
CVE-2015-8629 | P4 | MEDIUM | CVSS 5.3 | ≥ 0, < 1.13.2+dfsg-5 | 2016-02-13
The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
osv
CVE-2010-0629 | P4 | MEDIUM | CVSS 6.5 | ≥ 0, < 1.7+dfsg-1 | 2010-04-07
Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.
osv
CVE-2003-0060 | P4 | HIGH | CVSS 7.5 | ≥ 0, < 1.2.4 | 2003-02-19
Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names.
osv