Package details: pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5

purl: pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5
Next non-vulnerable version: 1.20.1-2+deb12u4
Latest non-vulnerable version: 1.20.1-2+deb12u4
Risk: 3.0
Vulnerabilities affecting this package (2)

| Vulnerability | Summary | Fixed by |
| --- | --- | --- |
| VCID-9m1b-dbbz-27dq (aliases: CVE-2025-24528) | | 1.20.1-2+deb12u3 (affected by 1 other vulnerability); 1.20.1-2+deb12u4 (affected by 0 other vulnerabilities) |
| VCID-htwj-z8xz-puh7 (aliases: CVE-2025-3576) | A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering. | 1.20.1-2+deb12u3 (affected by 1 other vulnerability); 1.20.1-2+deb12u4 (affected by 0 other vulnerabilities) |
Vulnerabilities fixed by this package (7)

| Vulnerability | Summary | Aliases |
| --- | --- | --- |
| VCID-3y1h-rrkp-u3a8 | ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. | CVE-2021-36222 |
| VCID-6u99-q9jp-uufv | lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count. | CVE-2023-36054 |
| VCID-kpgs-tn61-1kem | PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug." | CVE-2022-42898 |
| VCID-q4c8-fse8-j7ce | In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields. | CVE-2024-37371 |
| VCID-ugjs-k8a1-sue3 | The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. | CVE-2021-37750 |
| VCID-yseg-9x35-4kfk | MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit. | CVE-2020-28196 |
| VCID-z6g5-ha7v-9fdk | In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application. | CVE-2024-37370 |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2025-08-01T18:29:43.721420+00:00 | Debian Oval Importer | Fixing | VCID-z6g5-ha7v-9fdk | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T16:28:05.272153+00:00 | Debian Oval Importer | Fixing | VCID-ugjs-k8a1-sue3 | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T16:07:57.672166+00:00 | Debian Oval Importer | Fixing | VCID-q4c8-fse8-j7ce | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T14:45:38.455972+00:00 | Debian Oval Importer | Fixing | VCID-3y1h-rrkp-u3a8 | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T14:32:41.437654+00:00 | Debian Oval Importer | Fixing | VCID-yseg-9x35-4kfk | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T14:04:12.559671+00:00 | Debian Oval Importer | Fixing | VCID-6u99-q9jp-uufv | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T13:52:51.526261+00:00 | Debian Oval Importer | Affected by | VCID-htwj-z8xz-puh7 | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T13:14:27.155997+00:00 | Debian Oval Importer | Fixing | VCID-kpgs-tn61-1kem | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T12:32:17.107006+00:00 | Debian Oval Importer | Affected by | VCID-9m1b-dbbz-27dq | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |