CVE-2014-4342
MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.0814 (8.1%)
Percentile: 92.2%
EPSS: 2026-05-06
Affects
debian:debian_linuxmit:kerberosmit:kerberos_5redhat:enterprise_linux_desktopredhat:enterprise_linux_hpc_noderedhat:enterprise_linux_serverredhat:enterprise_linux_workstationTechnical description
MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.
Published: 7/20/2014, 11:12:50 AM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://advisories.mageia.org/MGASA-2014-0345.html
- http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949
- http://rhn.redhat.com/errata/RHSA-2015-0439.html
- http://secunia.com/advisories/59102
- http://secunia.com/advisories/60082
- http://www.debian.org/security/2014/dsa-3000
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:165
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html