krb5

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description The Kerberos network authentication system
Version 1.21.3-1 [core]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2856 1.21.2-1 1.21.3-1 Medium Fixed
AVG-2312 1.19.2-2 1.19.3-1 Medium Fixed
AVG-2173 1.19.1-1 1.19.2-1 Low Fixed
AVG-586 1.16-1 1.16.1-1 Medium Fixed
AVG-505 1.15.2-1 Critical Not affected
AVG-414 1.15.1-1 1.15.2-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2024-37371 AVG-2856 Medium Yes Denial of service
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with...
CVE-2024-37370 AVG-2856 Medium Yes Content spoofing
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the...
CVE-2021-37750 AVG-2312 Medium Yes Denial of service
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that...
CVE-2021-36222 AVG-2173 Low Yes Denial of service
ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.19.2 allows remote attackers to cause a NULL...
CVE-2018-5730 AVG-586 Medium Yes Insufficient validation
A flaw was found in MIT krb5 1.6 or later, an authenticated kadmin user with permission to add principals to an LDAP Kerberos database can circumvent a DN...
CVE-2018-5729 AVG-586 Medium Yes Insufficient validation
A flaw was found in MIT krb5 1.6 or later, an authenticated kadmin user with permission to add principals to an LDAP Kerberos database can cause a null...
CVE-2018-5709 AVG-586 Low Yes Information disclosure
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit...
CVE-2017-15088 AVG-505 Critical Yes Arbitrary code execution
plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote...
CVE-2017-11462 AVG-414 High Yes Arbitrary code execution
A double free vulnerability has been discovered in MIT Kerberos 5 (aka krb5) allowing attackers to crash the application or possibly execute arbitrary code...
CVE-2017-11368 AVG-414 Medium Yes Denial of service
A denial of service flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to exit with an assertion...

Advisories

Date Advisory Group Severity Type
05 Jun 2018 ASA-201806-3 AVG-586 Medium insufficient validation
05 Oct 2017 ASA-201710-8 AVG-414 High multiple issues