Vulnerability details: VCID-vcbc-kqgx-aaan
Vulnerability ID VCID-vcbc-kqgx-aaan
Aliases CVE-2013-1415
Summary The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1415.html
rhas Moderate https://access.redhat.com/errata/RHSA-2013:0656
epss 0.0074 https://api.first.org/data/v1/epss?cve=CVE-2013-1415
epss 0.01588 https://api.first.org/data/v1/epss?cve=CVE-2013-1415
epss 0.01847 https://api.first.org/data/v1/epss?cve=CVE-2013-1415
epss 0.06521 https://api.first.org/data/v1/epss?cve=CVE-2013-1415
epss 0.07399 https://api.first.org/data/v1/epss?cve=CVE-2013-1415
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=914749
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1415
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2013-1415
generic_textual Medium https://ubuntu.com/security/notices/USN-2310-1
generic_textual Medium http://web.mit.edu/kerberos/www/krb5-1.10/
Reference id Reference type URL
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7570
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7577
http://lists.opensuse.org/opensuse-updates/2013-03/msg00090.html
http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1415.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1415.json
https://api.first.org/data/v1/epss?cve=CVE-2013-1415
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1415
http://secunia.com/advisories/55040
https://github.com/krb5/krb5/commit/f249555301940c6df3a2cdda13b56b5674eebc2e
https://ubuntu.com/security/notices/USN-2310-1
http://web.mit.edu/kerberos/www/krb5-1.10/
http://web.mit.edu/kerberos/www/krb5-1.11/
http://www.mandriva.com/security/advisories?name=MDVSA-2013:157
914749 https://bugzilla.redhat.com/show_bug.cgi?id=914749
cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.11:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
CVE-2013-1415 https://nvd.nist.gov/vuln/detail/CVE-2013-1415
RHSA-2013:0656 https://access.redhat.com/errata/RHSA-2013:0656
USN-2310-1 https://usn.ubuntu.com/2310-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2013-1415
Exploit Prediction Scoring System (EPSS)
Percentile 0.70613
EPSS Score 0.0074
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.