CVE-2019-14844

Published: 9/26/2019 Last updated: 8/5/2024 Reserved: 8/10/2019

A flaw was found in Fedora versions of krb5 from 1.16.1 up to and including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

| Version | Score | Severity | Vector String |
|---------|-------|----------|---------------|
| 3.0 | 7.5 | High | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |

Opam packages affected (2)

conf-gssapi krb

Products affected (1)

Product Vendor Version
krb5 MIT 7.9 All

References (12)