pkg:Debian/krb5
170 total CVEsCRITICAL9HIGH16MEDIUM25LOW4
✅ Check your installed version
All known vulnerabilities
- CRITICAL9.8CVE-2017-15088plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which…from 0, < 1.15.2-2
- CRITICAL9.8CVE-2017-11462Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion…from 0, < 1.15.2-1
- from 0, < 1.6.dfsg.3~beta1-4
- from 0, < 1.3.6-2sarge6
- CRITICAL9.8CVE-2005-1689Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbit…from 0, < 1.3.6-4
- CRITICAL9.8CVE-2004-0772Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to exe…from 0, < 1.3.4-3
- from 0, < 1.2.5-2
- from 0, < 1.2.4-5woody1
- CRITICAL9.1CVE-2024-37371In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message…from 0, < 1.18.3-6+deb11u5
- from 0, < 1.18.3-6+deb11u3
- from 0, < 1.17-3+deb10u5
- from 0, < 1.18.3-6+deb11u3
- from 0, < 1.18.3-6+deb11u5
- from 0, < 1.18.3-6+deb11u5
- HIGH7.5CVE-2024-26461Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.from 0
- from 0, < 1.18.3-6
- from 0, < 1.17-3+deb10u2
- from 0, < 1.15-1+deb9u2
- from 0, < 1.18.3-1
- from 0, < 1.17-3+deb10u1
- from 0
- HIGH7.5CVE-2015-8630The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (ak…from 0, < 1.13.2+dfsg-5
- HIGH7.5CVE-2008-0063The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error m…from 0, < 1.6.dfsg.3~beta1-4
- from 0, < 1.18.3-6+deb11u6
- from 0, < 1.18.3-6+deb11u6
- from 0, < 1.17-3+deb10u6
- from 0, < 1.18.3-6+deb11u4
- MEDIUM6.5CVE-2021-37750The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc…from 0, < 1.18.3-6+deb11u1
- from 0, < 1.16.1-1
- from 0, < 1.10.1+dfsg-5+deb7u8
- from 0, < 1.15.1-2
- MEDIUM6.5CVE-2016-3120The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x be…from 0, < 1.14.3+dfsg-1
- MEDIUM6.5CVE-2015-8631Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow…from 0, < 1.13.2+dfsg-5
- from 0, < 1.7+dfsg-1
- from 0, < 1.6.dfsg.4~beta1-5lenny3
- MEDIUM6.3CVE-2010-4020MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to…from 0, < 1.8.3+dfsg-3
- MEDIUM5.9CVE-2026-40356In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_acce…from 0
- MEDIUM5.9CVE-2026-40355In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a syste…from 0
- from 0, < 1.18.3-6+deb11u7
- from 0, < 1.18.3-6+deb11u7
- MEDIUM5.5CVE-2024-26462Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.from 0, < 1.20.1-2+deb12u3
- MEDIUM5.3CVE-2024-26458Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.from 0
- from 0, < 1.12.1+dfsg-19+deb8u5
- from 0, < 1.15-1+deb9u3
- from 0, < 1.16.2-1
- MEDIUM5.3CVE-2016-3119The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb…from 0, < 1.14.2+dfsg-1
- from 0, < 1.10.1+dfsg-5+deb7u7
- from 0, < 1.13.2+dfsg-5
- from 0, < 1.8.3+dfsg-4squeeze11
- MEDIUM4.7CVE-2018-5729MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of se…from 0, < 1.16.1-1
- LOW3.8CVE-2018-5730MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN cont…from 0, < 1.16.1-1
- LOW3.7CVE-2010-1324MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remot…from 0, < 1.8.3+dfsg-3
- from 0, < 1.8.3+dfsg-3
- from 0, < 1.6.dfsg.4~beta1-5lenny6
- —CVE-2015-2698The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly…from 0, < 1.13.2+dfsg-4
- from 0, < 1.13.2+dfsg-3
- from 0, < 1.10.1+dfsg-5+deb7u6
- —CVE-2015-2696lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers…from 0, < 1.13.2+dfsg-3
- from 0, < 1.8.3+dfsg-4squeeze10
- from 0, < 1.10.1+dfsg-5+deb7u4
- from 0, < 1.13.2+dfsg-3
- —CVE-2015-2694The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has be…from 0, < 1.12.1+dfsg-20
- —CVE-2014-5355MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '…from 0, < 1.12.1+dfsg-18
- —CVE-2014-9423The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.…from 0, < 1.12.1+dfsg-17
- —CVE-2014-9422The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.…from 0, < 1.12.1+dfsg-17
- —CVE-2014-9421The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and…from 0, < 1.12.1+dfsg-17
- from 0, < 1.8.3+dfsg-4squeeze9
- from 0, < 1.10.1+dfsg-5+deb7u3
- from 0, < 1.12.1+dfsg-17
- —CVE-2014-5354plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows…from 0, < 1.12.1+dfsg-16
- —CVE-2014-5353The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.…from 0, < 1.12.1+dfsg-16
- —CVE-2014-5351The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys…from 0, < 1.12.1+dfsg-10
- —CVE-2014-4345Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmi…from 0, < 1.12.1+dfsg-7
- —CVE-2014-4344The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x befor…from 0, < 1.12.1+dfsg-5
- —CVE-2014-4343Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (a…from 0, < 1.12.1+dfsg-5
- —CVE-2014-4342MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL…from 0, < 1.12.1+dfsg-4
- from 0, < 1.12.1+dfsg-4
- from 0, < 1.8.3+dfsg-4squeeze8
- from 0, < 1.10.1+dfsg-5+deb7u2
- —CVE-2013-1417do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is us…from 0, < 1.11.3+dfsg-3+nmu1
- from 0, < 1.11.3+dfsg-3+nmu1
- from 0, < 1.10.1+dfsg-5+deb7u9
- from 0, < 1.10.1+dfsg-6
- from 0, < 1.8.3+dfsg-4squeeze7
- —CVE-2013-1416The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not pr…from 0, < 1.10.1+dfsg-5
- —CVE-2013-1415The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution C…from 0, < 1.10.1+dfsg-4
- —CVE-2012-1016The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center…from 0, < 1.10.1+dfsg-4+nmu1
- —CVE-2012-1015The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5,…from 0, < 1.10.1+dfsg-2
- from 0, < 1.8.3+dfsg-4squeeze6
- from 0, < 1.10.1+dfsg-2
- —CVE-2012-1013The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.…from 0, < 1.10.1+dfsg-3
- —CVE-2012-1012server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict acce…from 0, < 1.10.1+dfsg-1
- from 0, < 1.6.dfsg.4~beta1-5lenny7
- from 0, < 1.8+dfsg~aa+r23527-1
- —CVE-2011-1530The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows rem…from 0, < 1.10+dfsg~alpha1-7
- —CVE-2011-4151The krb5_db2_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4, when the db2 (aka…from 0, < 1.10+dfsg~alpha1-1
- —CVE-2011-1529The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.…from 0, < 1.10+dfsg~alpha1-1
- from 0, < 1.8.3+dfsg-4squeeze5
- from 0, < 1.10+dfsg~alpha1-1
- —CVE-2011-1527The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, al…from 0, < 1.10+dfsg~alpha1-1
- —CVE-2011-0285The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9…from 0, < 1.9.1+dfsg-1
- —CVE-2011-0284Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5)…from 0, < 1.8.3+dfsg-6
- —CVE-2011-0282The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to…from 0, < 1.8.3+dfsg-5
- —CVE-2011-0281The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is use…from 0, < 1.8.3+dfsg-5
- —CVE-2010-4022The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalo…from 0, < 1.8.3+dfsg-5
- —CVE-2010-4021The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS r…from 0, < 1.8+dfsg~alpha1-1
- —CVE-2010-1322The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not…from 0, < 1.8.3+dfsg-2
- from 0, < 1.8.1+dfsg-3
- from 0, < 1.6.dfsg.4~beta1-5lenny4
- —CVE-2010-1320Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 al…from 0, < 1.8.1+dfsg-2
- —CVE-2010-0628The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka kr…from 0, < 1.8+dfsg-1.1
- —CVE-2010-0283The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial o…from 0, < 1.8+dfsg~alpha1-7
- from 0, < 1.4.4-7etch8
- from 0, < 1.8+dfsg~alpha1-1
- —CVE-2009-3295The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT…from 0, < 1.7+dfsg-4
- —CVE-2009-0847The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause…from 0, < 1.6.dfsg.4~beta1-13
- —CVE-2009-0846The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) befo…from 0, < 1.6.dfsg.4~beta1-13
- from 0, < 1.4.4-7etch7
- from 0, < 1.6.dfsg.4~beta1-13
- —CVE-2009-0845The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO i…from 0, < 1.6.dfsg.4~beta1-13
- —CVE-2008-0947Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to exec…from 0, < 1.6.dfsg.3~beta1-4
- —CVE-2008-0948Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably ot…from 0, < 1.3-1
- —CVE-2007-5972Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and…from 0, < 1.6.dfsg.4~beta1-1
- —CVE-2007-5971Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown…from 0, < 1.6.dfsg.4~beta1-1
- —CVE-2007-5894The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certa…from 0, < 1.6.dfsg.4~beta1-1
- —CVE-2007-5901Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown…from 0, < 1.6.dfsg.4~beta1-1
- —CVE-2007-5902Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to ha…from 0, < 1.6.dfsg.4~beta1-1
- from 0, < 1.6.dfsg.1-7
- —CVE-2007-4000The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (…from 0, < 1.6.dfsg.1-7
- from 0, < 1.6.dfsg.1-7
- from 0, < 1.4.4-7etch4
- from 0, < 1.3.6-2sarge5
- from 0, < 1.6.dfsg.1-5
- —CVE-2007-2443Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earl…from 0, < 1.6.dfsg.1-5
- —CVE-2007-2798Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remo…from 0, < 1.6.dfsg.1-5
- —CVE-2007-0957Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind)…from 0, < 1.4.4-8
- —CVE-2007-1216Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in M…from 0, < 1.4.4-8
- from 0, < 1.3.6-2sarge4
- from 0, < 1.4.4-8
- —CVE-2006-6143The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other produ…from 0, < 1.4.4-6
- from 0, < 1.4.3-9
- from 0, < 1.3.6-2sarge3
- —CVE-2006-3084The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not…from 0, < 1.4.3-9
- from 0, < 1.2.4-5woody10
- from 0, < 1.3.6-4
- —CVE-2005-1175Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause…from 0, < 1.3.6-4
- —CVE-2005-0488Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive e…from 0, < 1.8.3+dfsg-4
- from 0, < 1.3.6-2
- from 0, < 1.2.4-5woody8
- from 0, < 1.3.6-2
- —CVE-2004-0971The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allo…from 0, < 1.13.2+dfsg-2
- from 0, < 1.2.4-5woody7
- from 0, < 1.3.6-1
- —CVE-2004-0644The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a…from 0, < 1.3.4-3
- —CVE-2004-0643Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitra…from 0, < 1.3.4-3
- from 0, < 1.3.4-3
- from 0, < 1.2.4-5woody6
- from 0, < 1.3.3-2
- from 0, < 1.2.4-5woody5
- —CVE-2003-0082The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of servic…from 0, < 1.3.3-2
- —CVE-2003-0072The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of servic…from 0, < 1.2.7-3
- from 0, < 1.2.4-5woody4
- from 0, < 1.3.3-2
- —CVE-2003-0139Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are us…from 0, < 1.2.7-3
- from 0, < 1.2.7-3
- —CVE-2003-0059Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate…from 0, < 1.2.5-1
- —CVE-2003-0058MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KD…from 0, < 1.2.5-1
- —CVE-2003-0060Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers…from 0, < 1.2.4
- from 0, < 1.2.6-2
- from 0, < 1.2.4-5woody3