Mit: >> Kerberos 5 >> 1.21.1 Security Vulnerabilities
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
CVSS Score
9.1
EPSS Score
0.007
Published
2024-06-28
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-06-28
kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.
CVSS Score
8.8
EPSS Score
0.013
Published
2023-08-16