Vulnerability details: VCID-jy7t-yd1h-aaar
Vulnerability ID VCID-jy7t-yd1h-aaar
Aliases CVE-2013-1418
Summary The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1418.html
rhas Moderate https://access.redhat.com/errata/RHSA-2014:1245
rhas Moderate https://access.redhat.com/errata/RHSA-2014:1389
epss 0.05268 https://api.first.org/data/v1/epss?cve=CVE-2013-1418
epss 0.0586 https://api.first.org/data/v1/epss?cve=CVE-2013-1418
epss 0.08208 https://api.first.org/data/v1/epss?cve=CVE-2013-1418
epss 0.82032 https://api.first.org/data/v1/epss?cve=CVE-2013-1418
epss 0.93632 https://api.first.org/data/v1/epss?cve=CVE-2013-1418
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1418
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2013-1418
generic_textual Medium https://ubuntu.com/security/notices/USN-2310-1
Reference id Reference type URL
http://advisories.mageia.org/MGASA-2013-0335.html
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7757
http://lists.opensuse.org/opensuse-updates/2013-11/msg00082.html
http://lists.opensuse.org/opensuse-updates/2013-11/msg00086.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00026.html
http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1418.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1418.json
https://api.first.org/data/v1/epss?cve=CVE-2013-1418
https://bugzilla.redhat.com/show_bug.cgi?id=1026942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1418
https://github.com/krb5/krb5/commit/c2ccf4197f697c4ff143b8a786acdd875e70a89d
https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html
https://ubuntu.com/security/notices/USN-2310-1
http://web.mit.edu/kerberos/krb5-1.10/README-1.10.7.txt
http://web.mit.edu/kerberos/krb5-1.11/README-1.11.4.txt
http://www.securityfocus.com/bid/63555
728845 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728845
cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
CVE-2013-1418 https://nvd.nist.gov/vuln/detail/CVE-2013-1418
GLSA-201312-12 https://security.gentoo.org/glsa/201312-12
RHSA-2014:1245 https://access.redhat.com/errata/RHSA-2014:1245
RHSA-2014:1389 https://access.redhat.com/errata/RHSA-2014:1389
USN-2310-1 https://usn.ubuntu.com/2310-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2013-1418
Exploit Prediction Scoring System (EPSS)
Percentile 0.89039
EPSS Score 0.05268
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.