Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

1 – 10 of 129 results

CVE-2024-37371

Medium priority

Some fixes available 6 of 7

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.

1 affected packages

krb5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
krb5 Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2024-37370

Medium priority

Some fixes available 6 of 7

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.

1 affected packages

krb5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
krb5 Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2024-26462

Medium priority
Vulnerable

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

1 affected packages

krb5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
krb5 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2024-26461

Low priority
Vulnerable

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.

1 affected packages

krb5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
krb5 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2024-26458

Negligible priority
Vulnerable

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

1 affected packages

krb5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
krb5 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2023-39975

Medium priority
Not affected

kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.

1 affected packages

krb5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
krb5 Not affected Not affected Not affected Not affected
Show less packages

CVE-2023-36054

Medium priority
Fixed

lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec...

1 affected packages

krb5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
krb5 Not affected Fixed Fixed Fixed Fixed
Show less packages

CVE-2023-3326

Low priority
Vulnerable

pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. However, if a...

2 affected packages

libpam-krb5, sssd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libpam-krb5 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
sssd Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2022-42898

Medium priority

Some fixes available 13 of 21

PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which...

3 affected packages

heimdal, krb5, samba

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
heimdal Vulnerable Vulnerable Fixed Fixed Fixed
krb5 Not affected Fixed Fixed Fixed Fixed
samba Not affected Fixed Fixed Vulnerable Needs evaluation
Show less packages

CVE-2021-37750

Medium priority

Some fixes available 2 of 4

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.

1 affected packages

krb5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
krb5 Not affected Not affected Fixed Fixed Not affected
Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. 4
  6. 5
  7. Next page
Export to JSON