Updated: 2024-11-21 21:14:18.597283
Description:
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | MEDIUM | 4 |
CVSS Version 3.x | MEDIUM | 6.5 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
CentOS 6 ELS | krb5 | 1.10.3 | 6.5 | MEDIUM | Not Vulnerable | 2022-02-14 08:36:26 | ||
CentOS 7 ELS | krb5 | 1.15.1 | 6.5 | MEDIUM | Already Fixed | 2023-09-19 09:30:22 | ||
CentOS 8.4 ELS | krb5 | 1.18.2-8.3 | 6.5 | MEDIUM | Already Fixed | 2023-10-30 11:22:09 | ||
CentOS 8.5 ELS | krb5 | 1.18.2-14 | 6.5 | MEDIUM | Already Fixed | 2023-10-30 11:22:09 | ||
CloudLinux 6 ELS | krb5 | 1.10.3 | 6.5 | MEDIUM | Not Vulnerable | 2022-02-14 08:36:26 | ||
Oracle Linux 6 ELS | krb5 | 1.10.3 | 6.5 | MEDIUM | Not Vulnerable | 2022-02-14 08:36:26 | ||
Ubuntu 16.04 ELS | krb5 | 1.13.2 | 6.5 | MEDIUM | Ignored | 2022-02-17 14:41:06 | ||
Ubuntu 18.04 ELS | krb5 | 1.16-2 | 6.5 | MEDIUM | Already Fixed | 2023-06-02 09:09:40 |