VYPR
Unrated severityNVD Advisory· Published Oct 7, 2010· Updated Jun 16, 2026

CVE-2010-1322

CVE-2010-1322

Description

The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service (daemon crash), or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS request that triggers an uninitialized pointer dereference, as demonstrated by a request from a Windows Active Directory client.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • Mit/Kerberos 55 versions
    cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*
    • (no CPE)range: <1.8.4

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.