Package details: pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5
purl pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5
Next non-vulnerable version 1.20.1-2+deb12u4
Latest non-vulnerable version 1.21.3-5
Risk 3.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-7r8c-ac4p-5kfz
Aliases: CVE-2025-3576
Summary: A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.
Fixed by:
  1.20.1-2+deb12u3 (affected by 1 other vulnerability)
  1.20.1-2+deb12u4 (affected by 0 other vulnerabilities)
  1.21.3-5 (affected by 0 other vulnerabilities)
VCID-c74d-mzay-2kb7
Aliases: CVE-2025-24528
Summary: krb5: overflow when calculating ulog block size
Fixed by:
  1.20.1-2+deb12u2 (affected by 3 other vulnerabilities)
  1.20.1-2+deb12u3 (affected by 1 other vulnerability)
  1.21.3-5 (affected by 0 other vulnerabilities)
Vulnerabilities fixed by this package (7)
Vulnerability Summary Aliases
VCID-11c1-meqb-aaaf ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. CVE-2021-36222
VCID-auyb-cyjc-aaap MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit. CVE-2020-28196
VCID-f6tt-xduh-aaas The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. CVE-2021-37750
VCID-m67b-g9qg-aaam In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application. CVE-2024-37370
VCID-puwp-5xjq-aaap lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count. CVE-2023-36054
VCID-qr91-uuuy-aaas PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug." CVE-2022-42898
VCID-wahm-6uhz-aaaj In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields. CVE-2024-37371

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-22T19:25:43.179395+00:00 Debian Importer Fixing VCID-m67b-g9qg-aaam https://security-tracker.debian.org/tracker/data/json 36.1.3
2025-06-22T18:19:55.714493+00:00 Debian Importer Fixing VCID-wahm-6uhz-aaaj https://security-tracker.debian.org/tracker/data/json 36.1.3
2025-06-22T06:12:46.955264+00:00 Debian Importer Fixing VCID-puwp-5xjq-aaap None 36.1.3
2025-06-21T19:10:14.392715+00:00 Debian Oval Importer Fixing VCID-qr91-uuuy-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T14:48:23.383150+00:00 Debian Oval Importer Fixing VCID-puwp-5xjq-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:23:48.738838+00:00 Debian Oval Importer Fixing VCID-qr91-uuuy-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T06:44:22.622086+00:00 Debian Oval Importer Fixing VCID-qr91-uuuy-aaas None 36.1.3
2025-06-21T04:19:27.380886+00:00 Debian Oval Importer Fixing VCID-auyb-cyjc-aaap None 36.1.3
2025-06-21T02:42:06.580957+00:00 Debian Oval Importer Fixing VCID-11c1-meqb-aaaf None 36.1.3
2025-06-21T01:48:48.429112+00:00 Debian Oval Importer Fixing VCID-f6tt-xduh-aaas None 36.1.3
2025-06-21T00:46:29.487963+00:00 Debian Importer Affected by VCID-7r8c-ac4p-5kfz https://security-tracker.debian.org/tracker/data/json 36.1.3
2025-06-08T12:45:07.202839+00:00 Debian Oval Importer Fixing VCID-11c1-meqb-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:35:51.816181+00:00 Debian Oval Importer Fixing VCID-auyb-cyjc-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:15:33.264818+00:00 Debian Oval Importer Fixing VCID-puwp-5xjq-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:39:10.285450+00:00 Debian Oval Importer Fixing VCID-qr91-uuuy-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T07:41:45.249781+00:00 Debian Oval Importer Fixing VCID-puwp-5xjq-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:16:54.418461+00:00 Debian Oval Importer Fixing VCID-qr91-uuuy-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T00:23:52.655332+00:00 Debian Oval Importer Fixing VCID-qr91-uuuy-aaas None 36.1.0
2025-06-07T21:55:29.579650+00:00 Debian Oval Importer Fixing VCID-auyb-cyjc-aaap None 36.1.0
2025-06-07T20:07:27.710055+00:00 Debian Oval Importer Fixing VCID-11c1-meqb-aaaf None 36.1.0
2025-06-07T19:12:07.436792+00:00 Debian Oval Importer Fixing VCID-f6tt-xduh-aaas None 36.1.0
2025-05-02T00:45:44.705142+00:00 Debian Importer Affected by VCID-7r8c-ac4p-5kfz https://security-tracker.debian.org/tracker/data/json 36.0.0
2025-04-24T21:21:46.473916+00:00 Debian Importer Fixing VCID-qr91-uuuy-aaas None 36.0.0
2025-04-13T02:53:31.879002+00:00 Debian Oval Importer Affected by VCID-c74d-mzay-2kb7 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-13T01:23:34.019536+00:00 Debian Oval Importer Fixing VCID-m67b-g9qg-aaam https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-13T01:23:30.246899+00:00 Debian Oval Importer Fixing VCID-wahm-6uhz-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:48:39.050303+00:00 Debian Oval Importer Fixing VCID-f6tt-xduh-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:32:00.600007+00:00 Debian Oval Importer Fixing VCID-11c1-meqb-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:22:24.562084+00:00 Debian Oval Importer Fixing VCID-auyb-cyjc-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:01:17.986586+00:00 Debian Oval Importer Fixing VCID-puwp-5xjq-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:23:49.351555+00:00 Debian Oval Importer Fixing VCID-qr91-uuuy-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-08T06:14:13.731330+00:00 Debian Oval Importer Fixing VCID-puwp-5xjq-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:49:28.570718+00:00 Debian Oval Importer Fixing VCID-qr91-uuuy-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-07T22:56:09.335758+00:00 Debian Oval Importer Fixing VCID-qr91-uuuy-aaas None 36.0.0
2025-04-07T20:26:03.387695+00:00 Debian Oval Importer Fixing VCID-auyb-cyjc-aaap None 36.0.0
2025-04-07T18:44:25.706306+00:00 Debian Oval Importer Fixing VCID-11c1-meqb-aaaf None 36.0.0
2025-04-07T17:49:57.209029+00:00 Debian Oval Importer Fixing VCID-f6tt-xduh-aaas None 36.0.0
2025-04-06T11:34:13.324725+00:00 Debian Importer Fixing VCID-m67b-g9qg-aaam https://security-tracker.debian.org/tracker/data/json 36.0.0
2025-04-06T10:39:22.795928+00:00 Debian Importer Fixing VCID-wahm-6uhz-aaaj https://security-tracker.debian.org/tracker/data/json 36.0.0
2025-04-05T23:58:31.285828+00:00 Debian Importer Fixing VCID-puwp-5xjq-aaap None 36.0.0
2025-02-22T00:08:56.758615+00:00 Debian Importer Fixing VCID-wahm-6uhz-aaaj https://security-tracker.debian.org/tracker/data/json 35.1.0
2025-02-22T00:08:48.674371+00:00 Debian Importer Fixing VCID-m67b-g9qg-aaam https://security-tracker.debian.org/tracker/data/json 35.1.0
2025-02-21T12:15:08.232144+00:00 Debian Importer Fixing VCID-puwp-5xjq-aaap None 35.1.0
2025-02-21T04:03:56.038542+00:00 Debian Importer Fixing VCID-qr91-uuuy-aaas None 35.1.0
2024-11-24T11:23:23.850528+00:00 Debian Importer Fixing VCID-wahm-6uhz-aaaj https://security-tracker.debian.org/tracker/data/json 35.0.0
2024-11-24T11:23:18.284225+00:00 Debian Importer Fixing VCID-m67b-g9qg-aaam https://security-tracker.debian.org/tracker/data/json 35.0.0
2024-10-11T07:11:31.127567+00:00 Debian Importer Fixing VCID-wahm-6uhz-aaaj https://security-tracker.debian.org/tracker/data/json 34.0.2
2024-10-11T07:11:25.273464+00:00 Debian Importer Fixing VCID-m67b-g9qg-aaam https://security-tracker.debian.org/tracker/data/json 34.0.2
2024-09-25T21:03:07.091447+00:00 Debian Importer Fixing VCID-wahm-6uhz-aaaj https://security-tracker.debian.org/tracker/data/json 34.0.1
2024-09-25T21:03:00.930935+00:00 Debian Importer Fixing VCID-m67b-g9qg-aaam https://security-tracker.debian.org/tracker/data/json 34.0.1