Search for vulnerabilities
Vulnerability details: VCID-7jjq-59qd-aaae
Vulnerability ID VCID-7jjq-59qd-aaae
Aliases CVE-2012-1016
Summary The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Draft 9 request.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-476 NULL Pointer Dereference
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-1016.html
rhas Moderate https://access.redhat.com/errata/RHSA-2013:0656
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00643 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00719 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00719 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00719 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00719 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00879 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00879 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00879 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00879 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00879 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00879 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00879 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00879 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00879 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00879 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00879 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.00879 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
epss 0.02006 https://api.first.org/data/v1/epss?cve=CVE-2012-1016
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=917840
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1016
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2012-1016
generic_textual Medium https://ubuntu.com/security/notices/USN-2310-1
generic_textual Medium http://web.mit.edu/kerberos/www/krb5-1.10/
Reference id Reference type URL
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7527
http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-1016.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1016.json
https://api.first.org/data/v1/epss?cve=CVE-2012-1016
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1016
http://secunia.com/advisories/55040
https://github.com/krb5/krb5/commit/db64ca25d661a47b996b4e2645998b5d7f0eb52c
https://ubuntu.com/security/notices/USN-2310-1
http://web.mit.edu/kerberos/www/krb5-1.10/
702633 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702633
917840 https://bugzilla.redhat.com/show_bug.cgi?id=917840
cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
CVE-2012-1016 https://nvd.nist.gov/vuln/detail/CVE-2012-1016
RHSA-2013:0656 https://access.redhat.com/errata/RHSA-2013:0656
USN-2310-1 https://usn.ubuntu.com/2310-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2012-1016
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.68213
EPSS Score 0.00643
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.