Denial of Service (DoS)

The advisory has been revoked - it doesn't affect any version of package krb5


Threat Intelligence

EPSS
3.48% (88th percentile)

  • Snyk ID: SNYK-CONAN-KRB5-10078707
  • Published: 8 May 2025
  • Disclosed: 10 Feb 2011
  • Credit: Unknown

Introduced: 10 Feb 2011

CVE-2011-0282
CWE-400

Amendment

This was deemed not a vulnerability.

Overview

Affected versions of this package are vulnerable to Denial of Service (DoS). The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name.