Approved changes feed: RSS · Atom
cpe:2.3:a:mit:kerberos:5-1.6.3:*:*:*:*:*:*:*
part: a version: 5-1.6.3 update: *
| Vendor | Mit (82b7f5d9-694f-5ac9-86aa-26958677636b) |
|---|---|
| Product | Kerberos (ab07bd70-6c10-5879-bae9-3aee11ead814) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2011-0282 |
vulnerable | 2026-06-08 04:56:36.433623 |
Details available
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name.
Published: 2011-02-10T17:00:00.000Z
Updated: 2024-08-06T21:51:07.938Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2011-0281 |
vulnerable | 2026-06-08 04:56:36.426850 |
Details available
The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \n sequence.
Published: 2011-02-10T17:00:00.000Z
Updated: 2024-08-06T21:51:07.754Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-4212 |
vulnerable | 2026-06-08 04:51:47.600520 |
Details available
Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.
Published: 2010-01-13T19:00:00.000Z
Updated: 2024-08-07T06:54:10.078Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-0847 |
vulnerable | 2026-06-08 04:51:11.643636 |
Details available
The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic.
Published: 2009-04-09T00:00:00.000Z
Updated: 2024-08-07T04:48:52.604Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-0845 |
vulnerable | 2026-06-08 04:51:11.633957 |
Details available
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.
Published: 2009-03-27T16:00:00.000Z
Updated: 2024-08-07T04:48:52.589Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-0844 |
vulnerable | 2026-06-08 04:51:11.628713 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.