CVE-2019-14844

HIGH

Fedora krb5 <1.17 - DoS

Title source: llm

Description

A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC.

References (6)

[Issue Tracking, Patch, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14844

[Patch, Third Party Advisory] https://github.com/krb5/krb5/pull/981

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20220325-0003/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/54ZYKEJZ77BXZWGF4NEVKC33ESVROEYC/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4LS5PIJOCNOUZGLO2OBT6GY334PUOSW/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDE2QOKK4I4TV4WV74ZQWICZ4HJN2MOK/

Scores

CVSS v3 7.5

EPSS 0.1170

EPSS Percentile 93.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-628

Status published

Affected Products (4)

mit/kerberos_5 < 1.17.1

fedoraproject/fedora

Timeline

Published Sep 26, 2019

Tracked Since Feb 18, 2026