CVE-2013-1416

EPSS 2.3%

Published: 4/19/2013Modified: 4/28/2026

Also known as:DEBIAN-CVE-2013-1416

Description

The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.

Affected packages (1)

Debian/krb5from 0, < 1.10.1+dfsg-5

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-1416