Vulnerability in Mit Kerberos_5

CVE-2014-5355

MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer derefere…

EPSS: 0.082 (92.4th percentile) — read the EPSS interpretation.

Affected products

Mit Kerberos_5 — versions 1.1, 1.2, 1.2.1
N/a — versions n/a

References

RHSA-2015:0794 (x_refsource_REDHAT, vendor-advisory)
[debian-lts-announce] 20180131 [SECURITY] [DLA 1265-1] krb5 security update (mailing-list, x_refsource_MLIST)
openSUSE-SU-2015:0542 (vendor-advisory, x_refsource_SUSE)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM)
MDVSA-2015:069 (vendor-advisory, x_refsource_MANDRIVA)
cve@mitre.org (x_refsource_CONFIRM)
74042 (vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
USN-2810-1 (x_refsource_UBUNTU, vendor-advisory)