Vulnerability details: VCID-rt9f-m8sj-aaah
Vulnerability ID VCID-rt9f-m8sj-aaah
Aliases CVE-2013-1416
Summary The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1416.html
rhas Moderate https://access.redhat.com/errata/RHSA-2013:0748
epss 0.02637 https://api.first.org/data/v1/epss?cve=CVE-2013-1416
epss 0.04334 https://api.first.org/data/v1/epss?cve=CVE-2013-1416
epss 0.94080 https://api.first.org/data/v1/epss?cve=CVE-2013-1416
epss 0.95142 https://api.first.org/data/v1/epss?cve=CVE-2013-1416
epss 0.95634 https://api.first.org/data/v1/epss?cve=CVE-2013-1416
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=949984
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1416
cvssv2 4 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 4.0 https://nvd.nist.gov/vuln/detail/CVE-2013-1416
generic_textual Medium https://ubuntu.com/security/notices/USN-2310-1
Reference id Reference type URL
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7600
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102058.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102074.html
http://lists.opensuse.org/opensuse-updates/2013-05/msg00011.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00041.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00102.html
http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1416.html
http://rhn.redhat.com/errata/RHSA-2013-0748.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1416.json
https://api.first.org/data/v1/epss?cve=CVE-2013-1416
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1416
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/krb5/krb5/commit/8ee70ec63931d1e38567905387ab9b1d45734d81
https://ubuntu.com/security/notices/USN-2310-1
http://www.mandriva.com/security/advisories?name=MDVSA-2013:157
http://www.mandriva.com/security/advisories?name=MDVSA-2013:158
704775 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704775
949984 https://bugzilla.redhat.com/show_bug.cgi?id=949984
cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
CVE-2013-1416 https://nvd.nist.gov/vuln/detail/CVE-2013-1416
GLSA-201312-12 https://security.gentoo.org/glsa/201312-12
RHSA-2013:0748 https://access.redhat.com/errata/RHSA-2013:0748
USN-2310-1 https://usn.ubuntu.com/2310-1/
No exploits are available.
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2013-1416
Exploit Prediction Scoring System (EPSS)
Percentile 0.84389
EPSS Score 0.02637
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.