CVSS: 9.4EPSS: 0%CPEs: 32EXPL: 0CVE-2024-37370 – krb5: GSS message token handling
https://notcve.org/view.php?id=CVE-2024-37370
28 Jun 2024 — In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application. En MIT Kerberos 5 (también conocido como krb5) anterior a 1.21.3, un atacante puede modificar el campo Extra Count de texto plano de un token de envoltura GSS krb5 confidencial, lo que hace que el token desenvuelto aparezca truncado para la aplicación. A vulnerability was found in the MIT Kerberos 5 GSS k... • https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 9.4EPSS: 0%CPEs: 31EXPL: 0CVE-2024-37371 – krb5: GSS message token handling
https://notcve.org/view.php?id=CVE-2024-37371
28 Jun 2024 — In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields. En MIT Kerberos 5 (también conocido como krb5) anterior a 1.21.3, un atacante puede provocar lecturas de memoria no válidas durante el manejo de tokens de mensajes GSS al enviar tokens de mensajes con campos de longitud no válidos. A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the pla... • https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2024-26461 – krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c
https://notcve.org/view.php?id=CVE-2024-26461
26 Feb 2024 — Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. Kerberos 5 (también conocido como krb5) 1.21.2 contiene una vulnerabilidad de pérdida de memoria en /krb5/src/lib/gssapi/krb5/k5sealv3.c. A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion. It was discovered that Kerberos incorrectly handled certain memory operations. • https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md • CWE-401: Missing Release of Memory after Effective Lifetime CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0CVE-2023-39975 – krb5: double-free in KDC TGS processing
https://notcve.org/view.php?id=CVE-2023-39975
16 Aug 2023 — kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another. kdc/do_tgs_req.c en MIT Kerberos 5 (también conocido como krb5) 1.21 antes de 1.21.2 tiene un double free que es accesible si un usuario autenticado puede desencadenar un error de gestión de datos de autorización. Los datos incorrectos se copian de un ticket a otro. A vulnerabilit... • https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840 • CWE-415: Double Free •
CVSS: 6.8EPSS: 2%CPEs: 9EXPL: 0CVE-2023-36054 – krb5: Denial of service through freeing uninitialized pointer
https://notcve.org/view.php?id=CVE-2023-36054
07 Aug 2023 — lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count. A vulnerability was found in the _xdr_kadm5_principal_ent_rec() function in lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (krb5). This issue occurs due to lack of validation in the relationship betwee... • https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd • CWE-824: Access of Uninitialized Pointer •
CVSS: 9.0EPSS: 6%CPEs: 7EXPL: 1CVE-2022-42898 – krb5: integer overflow vulnerabilities in PAC parsing
https://notcve.org/view.php?id=CVE-2022-42898
21 Nov 2022 — PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug." El análisis sintáctico de PAC en MIT Kerberos 5 (también conocido como krb5) antes de 1.19.4 y... • https://bugzilla.samba.org/show_bug.cgi?id=15203 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-39028 – Ubuntu Security Notice USN-6304-1
https://notcve.org/view.php?id=CVE-2022-39028
30 Aug 2022 — telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not sup... • https://git.hadrons.org/cgit/debian/pkgs/inetutils.git/commit/?id=113da8021710d871c7dd72d2a4d5615d42d64289 • CWE-476: NULL Pointer Dereference •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27428
https://notcve.org/view.php?id=CVE-2020-27428
05 Jan 2022 — A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file. Una vulnerabilidad de tipo cross-site scripting (XSS) basada en DOM en Scratch-Svg-Renderer versión v0.2.0, permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de un archivo sb3 diseñado. • https://github.com/LLK/scratch-svg-renderer/commit/7c74ec7de3254143ec3c557677f5355a90a3d07f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37750 – krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that lacks server field
https://notcve.org/view.php?id=CVE-2021-37750
23 Aug 2021 — The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. El Centro de Distribución de Claves (KDC) en MIT Kerberos 5 (también se conoce como krb5) versiones anteriores a 1.18.5 y 1.19.x versiones anteriores a 1.19.3, presenta una desreferencia de puntero NULL en el archivo kdc/do_tgs_req.c por medio de un cuerpo interno FAST que carece de un campo de servidor. A fl... • https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 5%CPEs: 9EXPL: 0CVE-2021-36222 – krb5: Sending a request containing PA-ENCRYPTED-CHALLENGE padata element without using FAST could result in NULL dereference in KDC which leads to DoS
https://notcve.org/view.php?id=CVE-2021-36222
22 Jul 2021 — ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. La función ec_verify en el archivo kdc/kdc_preauth_ec.c en el Centro de Distribución de Claves (KDC) en MIT Kerberos 5 (también se conoce como krb5) versiones anteriores a 1.18.4 y versiones 1.19.x anteriores a 1... • https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562 • CWE-476: NULL Pointer Dereference •