In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | krb5 | <= 1.20.1-2+deb12u1 | krb5_1.20.1-2+deb12u1_all.deb |
Debian | 11 | all | krb5 | <= 1.18.3-6+deb11u4 | krb5_1.18.3-6+deb11u4_all.deb |
Debian | 999 | all | krb5 | < 1.21.3-1 | krb5_1.21.3-1_all.deb |
Debian | 13 | all | krb5 | <= 1.21.2-1 | krb5_1.21.2-1_all.deb |