Buffer overflow in Mit Kerberos

CVE-2014-4342

MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application s…

Vulnerability class: Buffer Overflow

EPSS: 0.081 (92.3th percentile) — read the EPSS interpretation.

Affected products

Mit Kerberos — versions 5-1.8, 5-1.10.5, 5-1.10.6
Mit Kerberos_5 — versions 1.7, 1.7.1, 1.8
Debian Debian_linux — versions 7.0
Redhat Enterprise_linux_desktop — versions 7.0
Redhat Enterprise_linux_hpc_node — versions 7.0
Redhat Enterprise_linux_server — versions 7.0
Redhat Enterprise_linux_workstation — versions 7.0
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cve@mitre.org (x_refsource_CONFIRM, Patch, Third Party Advisory, Issue Tracking)
68908 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_CONFIRM, Patch, VDB Entry, Third Party Advisory)
RHSA-2015:0439 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
cve@mitre.org (x_refsource_CONFIRM, Issue Tracking, Vendor Advisory)
DSA-3000 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
mit-kerberos-cve20144342-dos(94903) (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_XF)
MDVSA-2014:165 (vendor-advisory, Third Party Advisory, x_refsource_MANDRIVA)
1030706 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
60082 (x_refsource_SECUNIA, Not Applicable, third-party-advisory)