Search for vulnerabilities
Vulnerability details: VCID-z3r2-2jru-aaaf
Vulnerability ID VCID-z3r2-2jru-aaaf
Aliases CVE-2013-1417
Summary do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that triggers an attempted cross-realm referral for a host-based service principal.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-20 Improper Input Validation
CWE-476 NULL Pointer Dereference
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1417.html
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.00878 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.01077 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.01077 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.01077 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.01077 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.03344 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.03344 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.03344 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.03344 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.03344 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.03344 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.03344 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.03344 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.03344 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.03344 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.03344 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
epss 0.03344 https://api.first.org/data/v1/epss?cve=CVE-2013-1417
generic_textual Medium https://bugzilla.redhat.com/show_bug.cgi?id=1030743
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1417
cvssv2 3.5 https://nvd.nist.gov/vuln/detail/CVE-2013-1417
Reference id Reference type URL
http://lists.opensuse.org/opensuse-updates/2013-12/msg00026.html
http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1417.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1417.json
https://api.first.org/data/v1/epss?cve=CVE-2013-1417
https://bugzilla.redhat.com/show_bug.cgi?id=1030743
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1417
https://github.com/krb5/krb5/commit/4c023ba43c16396f0d199e2df1cfa59b88b62acc
http://web.mit.edu/kerberos/krb5-1.11/README-1.11.4.txt
730085 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730085
cpe:2.3:a:mit:kerberos_5:1.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.11:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.11.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.11.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.11.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.11.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.11.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.11.3:*:*:*:*:*:*:*
CVE-2013-1417 https://nvd.nist.gov/vuln/detail/CVE-2013-1417
GLSA-201312-12 https://security.gentoo.org/glsa/201312-12
No exploits are available.
Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2013-1417
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.65083
EPSS Score 0.00543
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.