cpe:2.3:a:mit:kerberos_5:1.12.2:*:*:*:*:*:*:*

part: a version: 1.12.2 update: *

Vendor: Mit (82b7f5d9-694f-5ac9-86aa-26958677636b)
Product: Kerberos 5 (774ea4a1-4fda-5d25-92ac-c66a6356a1e3)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL | Source | Last updated
pkg:github/krb5/krb5 purl2cpe 2026-06-01 10:16:02.475415
pkg:rpm/fedora/krb5 purl2cpe 2026-06-01 10:16:02.475416

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2017-11368 vulnerable 2026-06-08 05:08:37.489860 Details available
In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.
Published: 2017-08-09T18:00:00.000Z
Updated: 2024-08-05T18:05:30.590Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3119 vulnerable 2026-06-08 05:07:44.532959 Details available
The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
Published: 2016-03-26T01:00:00.000Z
Updated: 2024-08-05T23:47:57.271Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2015-8630 vulnerable 2026-06-08 05:07:04.561222 Details available
The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.
Published: 2016-02-13T02:00:00.000Z
Updated: 2024-08-06T08:20:43.695Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2015-2694 vulnerable 2026-06-08 05:06:35.574568 Details available
The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
Published: 2015-05-25T19:00:00.000Z
Updated: 2024-08-06T05:24:38.376Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-9423 vulnerable 2026-06-08 05:06:11.630306 Details available
The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field.
Published: 2015-02-19T11:00:00.000Z
Updated: 2024-08-06T13:47:41.334Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-9422 vulnerable 2026-06-08 05:06:11.629648 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-9421 vulnerable 2026-06-08 05:06:11.628421 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-5355 vulnerable 2026-06-08 05:05:47.736861 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-5354 vulnerable 2026-06-08 05:05:47.719504 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-5352 vulnerable 2026-06-08 05:05:47.708824 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-5351 vulnerable 2026-06-08 05:05:47.707891 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
