CVE-2019-14844

Published: 26 September 2019

A flaw was found in Fedora versions of krb5 from 1.16.1 up to and including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC. The affected code was carried only in upstream development snapshots and in Fedora builds derived from them; it is not present in any released MIT krb5 version (see Status below).

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: krb5 (Launchpad, Ubuntu, Debian)

Release                           Status
Upstream                          Not vulnerable (debian: not present in any MIT krb5 release)
Ubuntu 18.04 LTS (Bionic Beaver)  Not vulnerable (code not present)
Ubuntu 16.04 ESM (Xenial Xerus)   Not vulnerable (code not present)
Ubuntu 14.04 ESM (Trusty Tahr)    Not vulnerable (code not present)

Patches:
Upstream: https://github.com/krb5/krb5/commit/275c9a1aad36a1a7b56042f1a2c21c33e7d16eaf

Notes

Author: mdeslaur
Note: introduced by https://github.com/krb5/krb5/commit/a649279727490687d54becad91fde8cf7429d951

References

Bugs