Out-of-bounds Read in Mit Kerberos_5
CVE-2014-4341
MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.
Vulnerability class: Buffer Overflow
EPSS: 0.145 (94.6th percentile)
Affected products
- Mit Kerberos_5
- Debian Debian_linux — versions 7.0
- Fedoraproject Fedora — versions 20
- Redhat Enterprise_linux_desktop — versions 7.0
- Redhat Enterprise_linux_eus — versions 7.3, 7.4, 7.5
- Redhat Enterprise_linux_server — versions 7.0
- Redhat Enterprise_linux_server_aus — versions 7.3, 7.4, 7.6
- Redhat Enterprise_linux_server_eus — versions 7.3, 7.4, 7.6
- Redhat Enterprise_linux_tus — versions 7.3, 7.6, 7.7
- Redhat Enterprise_linux_workstation — versions 7.0
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_CONFIRM, Patch, Third Party Advisory)
- mit-kerberos-cve20144341-dos(94904) (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_XF)
- cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory)
- RHSA-2015:0439 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- 60448 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- FEDORA-2014-8189 (x_refsource_FEDORA, vendor-advisory, Third Party Advisory)
- 68909 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- DSA-3000 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
- MDVSA-2014:165 (vendor-advisory, Third Party Advisory, x_refsource_MANDRIVA)