Vulnerability details: VCID-g2bd-akys-aaas
Vulnerability ID VCID-g2bd-akys-aaas
Aliases CVE-2002-2443
Summary schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
Weaknesses (1)
System Score Found at
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2002/CVE-2002-2443.html
rhas Moderate https://access.redhat.com/errata/RHSA-2013:0942
epss 0.22221 https://api.first.org/data/v1/epss?cve=CVE-2002-2443
epss 0.23619 https://api.first.org/data/v1/epss?cve=CVE-2002-2443
epss 0.78744 https://api.first.org/data/v1/epss?cve=CVE-2002-2443
epss 0.80692 https://api.first.org/data/v1/epss?cve=CVE-2002-2443
epss 0.95516 https://api.first.org/data/v1/epss?cve=CVE-2002-2443
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=962531
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2443
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2002-2443
generic_textual Low https://ubuntu.com/security/notices/USN-2810-1
Reference id Reference type URL
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7637
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105879.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105978.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106698.html
http://lists.opensuse.org/opensuse-updates/2013-07/msg00004.html
http://lists.opensuse.org/opensuse-updates/2013-07/msg00007.html
http://people.canonical.com/~ubuntu-security/cve/2002/CVE-2002-2443.html
http://rhn.redhat.com/errata/RHSA-2013-0942.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-2443.json
https://api.first.org/data/v1/epss?cve=CVE-2002-2443
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2443
https://github.com/krb5/krb5/commit/cf1a0c411b2668c57c41e9c4efd15ba17b6b322c
https://ubuntu.com/security/notices/USN-2810-1
http://www.debian.org/security/2013/dsa-2701
http://www.mandriva.com/security/advisories?name=MDVSA-2013:166
http://www.ubuntu.com/usn/USN-2810-1
708267 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708267
962531 https://bugzilla.redhat.com/show_bug.cgi?id=962531
cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
CVE-2002-2443 https://nvd.nist.gov/vuln/detail/CVE-2002-2443
GLSA-201312-12 https://security.gentoo.org/glsa/201312-12
RHSA-2013:0942 https://access.redhat.com/errata/RHSA-2013:0942
USN-2810-1 https://usn.ubuntu.com/2810-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2002-2443
Exploit Prediction Scoring System (EPSS)
Percentile 0.93206
EPSS Score 0.22221
Published At March 29, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.