CVE-2019-14844

A flaw was found in Fedora versions of krb5 from 1.16.1 up to and including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC.

Published: 2019-09-26 12:15
Updated: 2019-10-09 23:46

CVSS Score: 5.0 / 10

| Vendor | Product | Version | URI |
|---|---|---|---|
| Mit | Kerberos | 5-1.17 | cpe:/a:mit:kerberos:5-1.17 |
| Fedoraproject | Fedora | 30 | cpe:/o:fedoraproject:fedora:30 |
| Fedoraproject | Fedora | 31 | cpe:/o:fedoraproject:fedora:31 |
| Redhat | Enterprise Linux | 8.0 | cpe:/o:redhat:enterprise_linux:8.0 |
| Mit | Kerberos | 5-1.16.1 | cpe:/a:mit:kerberos:5-1.16.1 |
| Mit | Kerberos | 5-1.16.2 | cpe:/a:mit:kerberos:5-1.16.2 |

CWE

| ID | Name | Description |
|---|---|---|
| CWE-20 | Improper Input Validation | The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program. |

History of changes

Date Event
2019-10-09 23:46
2019-10-01 14:25
2019-09-26 12:49

New CVE