CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
90.8%
The unparse implementation in the Key Distribution Center (KDC) in MIT
Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used,
allows remote attackers to cause a denial of service (file descriptor
exhaustion and daemon hang) via a principal name that triggers use of a
backslash escape sequence, as demonstrated by a \n sequence.