CVE-2019-14844

Опубликовано: 26 сент. 2019

Источник: redhat

CVSS3: 7.5

Описание

A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC.

A flaw was found in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC.

Отчет

This flaw affects the krb5 server only; client-side packages are not affected. This flaw does not affect any krb5 packages shipped with Red Hat products.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	krb5	Not affected
Red Hat Enterprise Linux 6	krb5	Not affected
Red Hat Enterprise Linux 7	krb5	Not affected
Red Hat Enterprise Linux 8	krb5	Not affected
Red Hat JBoss Core Services	krb5	Not affected
Red Hat JBoss Enterprise Web Server 2	krb5	Not affected
Red Hat Virtualization 4	redhat-virtualization-host	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-628

https://bugzilla.redhat.com/show_bug.cgi?id=1753589krb5: reversed strlcpy() allows client to crash the KDC

7.5 High

CVSS3

Связанные уязвимости

CVE-2019-14844

CVSS3: 7.5

ubuntu

больше 6 лет назад

CVE-2019-14844

CVSS3: 7.5

nvd

больше 6 лет назад

CVE-2019-14844

CVSS3: 7.5

msrc

больше 4 лет назад

A flaw was found in Fedora versions of krb5 from 1.16.1 to including 1.17.x in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC.

CVE-2019-14844

CVSS3: 7.5

debian

больше 6 лет назад

A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including ...

GHSA-5445-rx9p-gmmp

CVSS3: 7.5

github

больше 3 лет назад

7.5 High

CVSS3