Vulnerabilities > MIT > Kerberos 5 > 1.12.5

DATE CVE VULNERABILITY TITLE RISK
2020-11-06 CVE-2020-28196 Uncontrolled Recursion vulnerability in MIT Kerberos 5
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.
network
low complexity
mit CWE-674
5.0
2018-07-26 CVE-2017-7562 Improper Authentication vulnerability in multiple products
An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates.
network
low complexity
redhat mit CWE-287
4.0
2017-11-23 CVE-2017-15088 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in MIT Kerberos 5
plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions.
network
low complexity
mit CWE-119
7.5
2016-02-13 CVE-2015-8631 Missing Release of Resource After Effective Lifetime vulnerability in multiple products
Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
network
low complexity
mit opensuse debian redhat oracle CWE-772
4.0
2016-02-13 CVE-2015-8630 Denial of Service vulnerability in MIT Kerberos 5
The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.
network
low complexity
mit
5.0
2016-02-13 CVE-2015-8629 Out-Of-Bounds Read vulnerability in multiple products
The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
network
high complexity
mit oracle debian opensuse redhat CWE-125
2.1
2015-11-09 CVE-2015-2697 Out-Of-Bounds Read vulnerability in multiple products
The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request.
network
low complexity
mit oracle canonical debian opensuse suse CWE-125
4.0
2015-11-09 CVE-2015-2696 Source Code vulnerability in multiple products
lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.
7.1
2015-11-09 CVE-2015-2695 Release of Invalid Pointer OR Reference vulnerability in multiple products
lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.
network
low complexity
mit oracle canonical debian opensuse suse CWE-763
5.0
2014-12-16 CVE-2014-5353 Null Pointer Dereference vulnerability in multiple products
The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.
3.5