Total
33 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0072 | 1 Mit | 2 Kerberos, Kerberos 5 | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun"). | |||||
| CVE-2000-0550 | 2 Cygnus, Mit | 4 Cygnus Network Security, Kerbnet, Kerberos and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Kerberos 4 KDC program improperly frees memory twice (aka "double-free"), which allows remote attackers to cause a denial of service. | |||||
| CVE-1999-1321 | 1 Mit | 1 Kerberos | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could allow remote attackers to cause a denial of service or execute arbitrary commands via a long DNS hostname that is not properly handled during TGT ticket passing. | |||||
| CVE-2000-0390 | 3 Cygnus, Mit, Redhat | 5 Cygnus Network Security, Kerbnet, Kerberos and 2 more | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges. | |||||
| CVE-2000-0389 | 3 Cygnus, Mit, Redhat | 5 Cygnus Network Security, Kerbnet, Kerberos and 2 more | 2025-04-03 | 10.0 HIGH | N/A |
| Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges. | |||||
| CVE-1999-0143 | 3 Mit, Process Software, Sun | 4 Kerberos, Kerberos 5, Multinet and 1 more | 2025-04-03 | 4.6 MEDIUM | N/A |
| Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys. | |||||
| CVE-2003-0138 | 1 Mit | 1 Kerberos | 2025-04-03 | 7.5 HIGH | N/A |
| Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack. | |||||
| CVE-2000-0546 | 3 Cygnus Network Security Project, Kerbnet Project, Mit | 4 Cygnus Network Security, Kerbnet, Kerberos and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function. | |||||
| CVE-2000-0548 | 3 Cygnus Network Security Project, Kerbnet Project, Mit | 4 Cygnus Network Security, Kerbnet, Kerberos and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function. | |||||
| CVE-2003-0082 | 1 Mit | 2 Kerberos, Kerberos 5 | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun"). | |||||
| CVE-2018-5710 | 1 Mit | 1 Kerberos | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client. | |||||
| CVE-2018-5709 | 1 Mit | 1 Kerberos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data. | |||||
| CVE-2018-20217 | 2 Debian, Mit | 2 Debian Linux, Kerberos | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
| A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request. | |||||