Unrated severityNVD Advisory· Published Apr 19, 2013· Updated Apr 29, 2026
CVE-2013-1416
CVE-2013-1416
Description
The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.
Affected products
12cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Patches
18ee70ec63931https://github.com/krb5/krb5via nvd-ref
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
10- github.com/krb5/krb5/commit/8ee70ec63931d1e38567905387ab9b1d45734d81nvdPatchThird Party Advisory
- krbdev.mit.edu/rt/Ticket/Display.htmlnvdVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2013-April/102058.htmlnvdThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2013-April/102074.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-updates/2013-05/msg00011.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-updates/2013-06/msg00041.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-updates/2013-06/msg00102.htmlnvdMailing ListThird Party Advisory
- rhn.redhat.com/errata/RHSA-2013-0748.htmlnvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
News mentions
0No linked articles in our index yet.