ID CVE-2019-14844
Summary A flaw was found in Fedora versions of krb5 from 1.16.1 to, and including, 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC.
References
Vulnerable Configurations
  • cpe:2.3:a:mit:kerberos_5:1.16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.16.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.16.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.17:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.17.1:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 12-02-2023 - 23:35)
Impact:
Exploitability:
CWE CWE-628
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
confirm https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14844
fedora
  • FEDORA-2019-2323661e5f
  • FEDORA-2019-320a5a6a68
  • FEDORA-2019-dc4e1d0fb6
misc https://github.com/krb5/krb5/pull/981
Last major update 12-02-2023 - 23:35
Published 26-09-2019 - 12:15
Last modified 12-02-2023 - 23:35