cpe:2.3:a:mit:kerberos:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Mit (82b7f5d9-694f-5ac9-86aa-26958677636b) |
|---|---|
| Product | Kerberos (ab07bd70-6c10-5879-bae9-3aee11ead814) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:github/krb5/krb5 | purl2cpe | 2026-06-01 10:16:02.394665 |
| pkg:rpm/fedora/krb5 | purl2cpe | 2026-06-01 10:16:02.394666 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2018-5710 | vulnerable | 2026-06-08 05:11:51.634602 | An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client. Published: 2018-01-16T09:00:00.000Z. Updated: 2024-08-05T05:40:51.143Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2018-5709 | vulnerable | 2026-06-08 05:11:51.634191 | An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data. Published: 2018-01-16T09:00:00.000Z. Updated: 2024-08-05T05:40:51.202Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2018-20217 | vulnerable | 2026-06-08 05:11:26.850920 | A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request. Published: 2018-12-26T20:00:00.000Z. Updated: 2024-08-05T11:58:19.090Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2000-0548 | vulnerable | 2026-06-08 04:45:18.305173 | Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function. Published: 2000-10-13T04:00:00.000Z. Updated: 2024-08-08T05:21:31.013Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2000-0547 | vulnerable | 2026-06-08 04:45:18.304677 | Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function. Published: 2000-07-12T04:00:00.000Z. Updated: 2024-08-08T05:21:31.011Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2000-0546 | vulnerable | 2026-06-08 04:45:18.302047 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |