Unrated severityNVD Advisory· Published Apr 2, 2003· Updated Apr 16, 2026

CVE-2003-0072

Description

The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun").

Affected products

Mit/Kerberos2 versions
cpe:2.3:a:mit:kerberos:1.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mit:kerberos:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos:1.2.2.beta1:*:*:*:*:*:*:*
Mit/Kerberos 512 versions
cpe:2.3:a:mit:kerberos_5:1.0.6:*:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:mit:kerberos_5:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.3:alpha1:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txtnvdPatchVendor Advisory
www.debian.org/security/2003/dsa-266nvdPatchVendor Advisory
sunsolve.sun.com/search/document.donvd
www.redhat.com/support/errata/RHSA-2003-051.htmlnvd
www.redhat.com/support/errata/RHSA-2003-052.htmlnvd
www.securityfocus.com/archive/1/316960/30/25250/threadednvd
www.securityfocus.com/bid/7184nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000