VYPR

krb5

by MIT Kerberos

Source repositories

CVEs (4)

  • CVE-2017-15088CriNov 23, 2017
    risk 0.64cvss 9.8epss 0.08

    plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations…

  • CVE-2017-11462CriSep 13, 2017
    risk 0.64cvss 9.8epss 0.05

    Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.

  • CVE-2014-9421Feb 19, 2015
    risk 0.00cvss epss 0.06

    The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of…

  • CVE-2014-4343Aug 14, 2014
    risk 0.00cvss epss 0.06

    Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute…

VYPR — Vulnerability Intelligence