5

CVE-2014-4341

MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.

Data is provided by the National Vulnerability Database (NVD)
MitKerberos 5 Version < 1.12.2
RedhatEnterprise Linux Eus Version7.3
RedhatEnterprise Linux Eus Version7.4
RedhatEnterprise Linux Eus Version7.5
RedhatEnterprise Linux Eus Version7.6
RedhatEnterprise Linux Eus Version7.7
RedhatEnterprise Linux Tus Version7.3
RedhatEnterprise Linux Tus Version7.6
RedhatEnterprise Linux Tus Version7.7
DebianDebian Linux Version7.0
FedoraprojectFedora Version20
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 12.61% 0.933
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

http://www.securityfocus.com/bid/68909
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1030706
Third Party Advisory
VDB Entry