github - ghsa-5445-rx9p-gmmp

ghsa-5445-rx9p-gmmp

Vulnerability from github

Published

2022-05-24 16:56

Modified

2023-02-13 00:30

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-14844"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-628"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-26T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 \"enctypes\". A remote unauthenticated user could use this flaw to crash the KDC.",
  "id": "GHSA-5445-rx9p-gmmp",
  "modified": "2023-02-13T00:30:57Z",
  "published": "2022-05-24T16:56:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14844"
    },
    {
      "type": "WEB",
      "url": "https://github.com/krb5/krb5/pull/981"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14844"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/54ZYKEJZ77BXZWGF4NEVKC33ESVROEYC"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4LS5PIJOCNOUZGLO2OBT6GY334PUOSW"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDE2QOKK4I4TV4WV74ZQWICZ4HJN2MOK"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/54ZYKEJZ77BXZWGF4NEVKC33ESVROEYC"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4LS5PIJOCNOUZGLO2OBT6GY334PUOSW"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDE2QOKK4I4TV4WV74ZQWICZ4HJN2MOK"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220325-0003"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2019-14844 (GCVE-0-2019-14844)

Vulnerability from cvelistv5

Published

2019-09-26 11:50

Modified

2024-08-05 00:26

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-628

Summary

References

URL

Tags

	https://github.com/krb5/krb5/pull/981	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14844	x_refsource_CONFIRM
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDE2QOKK4I4TV4WV74ZQWICZ4HJN2MOK/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4LS5PIJOCNOUZGLO2OBT6GY334PUOSW/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/54ZYKEJZ77BXZWGF4NEVKC33ESVROEYC/	vendor-advisory, x_refsource_FEDORA
	https://security.netapp.com/advisory/ntap-20220325-0003/	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	MIT	krb5	Version: Fedora versions of krb5 from 1.16.1 to, including 1.17.x

Show details on NVD website