What is CVE-2016-3120?

CVE-2016-3120 is a medium-severity vulnerability in Mit Kerberos_5, classified under NULL Pointer Dereference. CVSS score: 6.5/10. Published 2016-08-01.

How severe is CVE-2016-3120?

Medium severity. CVSS v3 base score is 6.5 out of 10.

NULL pointer dereference in Mit Kerberos_5

CVE-2016-3120

The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, whi…

EPSS: 0.043 (89.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Affected products

Mit Kerberos_5 — versions 1.13, 1.13.1, 1.13.2
N/a — versions n/a

Weakness classification (CWE)

CWE-476 — NULL Pointer Dereference

References

cve@mitre.org (x_refsource_CONFIRM)
92132 (vdb-entry, x_refsource_BID)
[debian-lts-announce] 20180131 [SECURITY] [DLA 1265-1] krb5 security update (mailing-list, x_refsource_MLIST)
openSUSE-SU-2016:2268 (vendor-advisory, x_refsource_SUSE)
cve@mitre.org (x_refsource_CONFIRM, Issue Tracking)
1036442 (vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (x_refsource_CONFIRM)
RHSA-2016:2591 (x_refsource_REDHAT, vendor-advisory)
cve@mitre.org (x_refsource_CONFIRM)
FEDORA-2016-0674a3c372 (x_refsource_FEDORA, vendor-advisory)

Frequently asked questions

What is CVE-2016-3120?: CVE-2016-3120 is a medium-severity vulnerability in Mit Kerberos_5, classified under NULL Pointer Dereference. CVSS score: 6.5/10. Published 2016-08-01.
How severe is CVE-2016-3120?: Medium severity. CVSS v3 base score is 6.5 out of 10.