Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!Close

CVE-2019-14844

Published: 26 September 2019

A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC.

Notes

AuthorNote
mdeslaur
introduced by:
https://github.com/krb5/krb5/commit/a649279727490687d54becad91fde8cf7429d951

Priority

Medium

Cvss 3 Severity Score

7.5

Score breakdown

Status

Package Release Status
krb5
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
disco Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
upstream Not vulnerable
(debian: not present in any MIT krb5 release)
xenial Not vulnerable
(code not present)
Patches:
upstream: https://github.com/krb5/krb5/commit/275c9a1aad36a1a7b56042f1a2c21c33e7d16eaf

Severity score breakdown

Parameter Value
Base score 7.5
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H