Search for packages
| purl | pkg:deb/ubuntu/krb5@1.17-6 |
| Next non-vulnerable version | 1.17-6ubuntu4.1 |
| Latest non-vulnerable version | 1.17-6ubuntu4.1 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-auyb-cyjc-aaap
Aliases: CVE-2020-28196 |
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit. |
Affected by 0 other vulnerabilities. |
|
VCID-z695-hub6-aaar
Aliases: CVE-2018-20217 |
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|