CVE-2016-3119

MEDIUM5.3EPSS 10.2%

Published: 3/26/2016Modified: 4/28/2026

Description

The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.

Affected packages (2)

Alpine/krb5from 0, < 1.14-r2
Debian/krb5from 0, < 1.14.2+dfsg-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

References (2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2016-3119
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2016-3119