Approved changes feed: RSS · Atom

cpe:2.3:a:mit:kerberos:5-1.6.3:*:*:*:*:*:*:*

part: a version: 5-1.6.3 update: *

VendorMit (82b7f5d9-694f-5ac9-86aa-26958677636b)
ProductKerberos (ab07bd70-6c10-5879-bae9-3aee11ead814)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2011-0282 vulnerable 2026-06-08 04:56:36.433623 Details available
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name.
Published: 2011-02-10T17:00:00.000Z
Updated: 2024-08-06T21:51:07.938Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-0281 vulnerable 2026-06-08 04:56:36.426850 Details available
The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \n sequence.
Published: 2011-02-10T17:00:00.000Z
Updated: 2024-08-06T21:51:07.754Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2009-4212 vulnerable 2026-06-08 04:51:47.600520 Details available
Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.
Published: 2010-01-13T19:00:00.000Z
Updated: 2024-08-07T06:54:10.078Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2009-0847 vulnerable 2026-06-08 04:51:11.643636 Details available
The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic.
Published: 2009-04-09T00:00:00.000Z
Updated: 2024-08-07T04:48:52.604Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2009-0845 vulnerable 2026-06-08 04:51:11.633957 Details available
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.
Published: 2009-03-27T16:00:00.000Z
Updated: 2024-08-07T04:48:52.589Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2009-0844 vulnerable 2026-06-08 04:51:11.628713 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.