
cpe:2.3:a:mit:kerberos:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Mit (82b7f5d9-694f-5ac9-86aa-26958677636b)
Product: Kerberos (ab07bd70-6c10-5879-bae9-3aee11ead814)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from purl2cpe mapping

PURL mappings

PURL | Source | Last updated
pkg:github/krb5/krb5 | purl2cpe | 2026-06-01 10:16:02.394665
pkg:rpm/fedora/krb5 | purl2cpe | 2026-06-01 10:16:02.394666

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2018-5710 vulnerable 2026-06-08 05:11:51.634602 Details available
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.
Published: 2018-01-16T09:00:00.000Z
Updated: 2024-08-05T05:40:51.143Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-5709 vulnerable 2026-06-08 05:11:51.634191 Details available
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.
Published: 2018-01-16T09:00:00.000Z
Updated: 2024-08-05T05:40:51.202Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-20217 vulnerable 2026-06-08 05:11:26.850920 Details available
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.
Published: 2018-12-26T20:00:00.000Z
Updated: 2024-08-05T11:58:19.090Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2000-0548 vulnerable 2026-06-08 04:45:18.305173 Details available
Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function.
Published: 2000-10-13T04:00:00.000Z
Updated: 2024-08-08T05:21:31.013Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2000-0547 vulnerable 2026-06-08 04:45:18.304677 Details available
Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function.
Published: 2000-07-12T04:00:00.000Z
Updated: 2024-08-08T05:21:31.011Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2000-0546 vulnerable 2026-06-08 04:45:18.302047 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
