Improper input validation in Mit Kerberos

CVE-2010-0283

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.037 (88.2th percentile) — read the EPSS interpretation.

Affected products

Mit Kerberos — versions 5-1.8
Mit Kerberos_5 — versions 1.7, 1.7.1
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

APPLE-SA-2010-06-15-1 (vendor-advisory, x_refsource_APPLE)
FEDORA-2010-1722 (vendor-advisory, x_refsource_FEDORA)
38598 (x_refsource_SECUNIA, third-party-advisory)
39023 (x_refsource_SECUNIA, third-party-advisory)
40220 (x_refsource_SECUNIA, third-party-advisory)
1023593 (vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
20100216 MITKRB5-SA-2010-001 [CVE-2010-0283] krb5-1.7 KDC denial of service (mailing-list, x_refsource_BUGTRAQ)
38260 (vdb-entry, x_refsource_BID)