Denial of Service (DoS) Affecting krb5 package, versions [0,]


Severity

Recommended
0.0
medium
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
2.61% (84th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CONAN-KRB5-10078747
  • published8 May 2025
  • disclosed18 Nov 2013
  • creditUnknown

Introduced: 18 Nov 2013

CVE-2013-6800  (opens in a new tab)
CWE-400  (opens in a new tab)

How to fix?

There is no fixed version for krb5.

Overview

Affected versions of this package are vulnerable to Denial of Service (DoS). An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request, a different vulnerability than CVE-2013-1418.

References

CVSS Base Scores

version 3.1