Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Mit Subscribe
Filtered by product Kerberos 5

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-39975 1 Mit 1 Kerberos 5 2023-08-22 N/A 8.8 HIGH
kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.
CVE-2019-14844 2 Fedoraproject, Mit 2 Fedora, Kerberos 5 2022-05-24 5.0 MEDIUM 7.5 HIGH
A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC.
CVE-2020-28196 4 Fedoraproject, Mit, Netapp and 1 more 11 Fedora, Kerberos 5, Active Iq Unified Manager and 8 more 2022-05-12 5.0 MEDIUM 7.5 HIGH
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.
CVE-2021-36222 4 Debian, Mit, Netapp and 1 more 7 Debian Linux, Kerberos 5, Active Iq Unified Manager and 4 more 2021-11-28 5.0 MEDIUM 7.5 HIGH
ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.
CVE-2015-8630 1 Mit 1 Kerberos 5 2020-01-21 5.0 MEDIUM 7.5 HIGH
The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.