Kerberos 5

kerberos_5

Vendor: Mit • 137 CVEs

CVEs (137)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-37371 2Debian Mit 2Debian Linux Kerberos 5 May 12, 2026 Jun 28, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
CVE-2024-37370 1Mit 1Kerberos 5 May 12, 2026 Jun 28, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.
CVE-2024-26462 2Mit Netapp 8Active Iq Unified Manager Cloud Volumes Ontap MediatorH610c Firmware+5 more Mar 25, 2025 Feb 29, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.
CVE-2024-26461 2Mit Netapp 9Active Iq Unified Manager Cloud Volumes Ontap MediatorH610c Firmware+6 more May 23, 2025 Feb 29, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.
CVE-2024-26458 2Mit Netapp 9Active Iq Unified Manager Cloud Volumes Ontap MediatorH610c Firmware+6 more May 23, 2025 Feb 29, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.
CVE-2023-39975 1Mit 1Kerberos 5 Feb 25, 2026 Aug 16, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket t...Show more kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.Show less
CVE-2023-36054 3Debian MitNetapp 7Active Iq Unified Manager Clustered Data OntapDebian Linux+4 more Nov 21, 2024 Aug 7, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_princip...Show more lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.Show less
CVE-2022-42898 3Heimdal Project MitSamba 3Heimdal Kerberos 5Samba Apr 14, 2025 Dec 25, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms...Show more PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."Show less
CVE-2022-39028 4Debian GnuMit+1 more 4Debian Linux InetutilsKerberos 5+1 more Nov 21, 2024 Aug 30, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the te...Show more telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.Show less
CVE-2021-37750 5Debian FedoraprojectMit+2 more 5Communications Cloud Native Core Network Slice Selection Function Debian LinuxFedora+2 more Nov 21, 2024 Aug 23, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.
CVE-2021-36222 4Debian MitNetapp+1 more 7Active Iq Unified Manager Debian LinuxKerberos 5+4 more Nov 21, 2024 Jul 22, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. Thi...Show more ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.Show less
CVE-2020-28196 4Fedoraproject MitNetapp+1 more 11Active Iq Unified Manager Cloud BackupCommunications Cloud Native Core Policy+8 more Dec 3, 2025 Nov 6, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recurs...Show more MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.Show less
CVE-2019-14844 2Fedoraproject Mit 2Fedora Kerberos 5 Nov 21, 2024 Sep 26, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw...Show more A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC.Show less
CVE-2017-7562 2Mit Redhat 5Enterprise Linux Enterprise Linux DesktopEnterprise Linux Server+2 more Nov 21, 2024 Jul 26, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw...Show more An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.Show less
CVE-2018-5730 4Debian FedoraprojectMit+1 more 6Debian Linux Enterprise Linux DesktopEnterprise Linux Server+3 more May 5, 2025 Mar 6, 2018 N/A· v4 3.8 LOW· v3 5.5 MEDIUM· v2 MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument,...Show more MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.Show less
CVE-2018-5729 4Debian FedoraprojectMit+1 more 6Debian Linux Enterprise Linux DesktopEnterprise Linux Server+3 more May 5, 2025 Mar 6, 2018 N/A· v4 4.7 MEDIUM· v3 6.5 MEDIUM· v2 MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagg...Show more MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.Show less
CVE-2017-15088 1Mit 1Kerberos 5 May 13, 2026 Nov 23, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (...Show more plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC certauth plugin code that is specific to Red Hat.Show less
CVE-2017-11462 2Fedoraproject Mit 2Fedora Kerberos 5 May 13, 2026 Sep 13, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.
CVE-2017-11368 2Fedoraproject Mit 3Fedora KerberosKerberos 5 May 13, 2026 Aug 9, 2017 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.
CVE-2016-3120 1Mit 1Kerberos 5 May 6, 2026 Aug 1, 2016 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client...Show more The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.Show less

12 3 4 5 6 7 Next