ALT-PU-2019-1019-2

Package update krb5 in branch sisyphus

Version1.16.3-alt1

Published2026-02-10

Max severityMEDIUM

Severity:

Closed issues (2)

MEDIUM5.3

Уязвимость сетевого протокола аутентификации Kerberos, связанная с недостатком использования функции assert(), позволяющая нарушителю вызвать отказ в обслуживании

Published: 2026-02-09

CVSS 3.xMEDIUM 5.3

CVSS:3.x/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0LOW 3.5

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P

References

CVE-2018-20217

MEDIUM5.3

A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.

Published: 2018-12-26Modified: 2024-11-21

CVSS 2.0LOW 3.5

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

References

Closed bugs (1)

[FR] bootstrap knobs