CVE-2014-5355

Name: CVE-2014-5355
Description: MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DLA-1265-1
NVD severity: medium (attack range: remote)
Debian Bugs: 778647

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| krb5 (PTS) | jessie | 1.12.1+dfsg-19+deb8u4 | fixed |
| krb5 | jessie (security) | 1.12.1+dfsg-19+deb8u5 | fixed |
| krb5 | stretch | 1.15-1+deb9u1 | fixed |
| krb5 | buster, sid | 1.17-1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| krb5 | source | (unstable) | 1.12.1+dfsg-18 | medium | | 778647 |
| krb5 | source | wheezy | 1.10.1+dfsg-5+deb7u9 | medium | DLA-1265-1 | |

Notes

[squeeze] - krb5 <no-dsa> (Minor issue)
Upstream commit: https://github.com/krb5/krb5/commit/102bb6ebf20f9174130c85c3b052ae104e5073ec
