Kerberos

This hub aggregates every CVE we track for Kerberos, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Kerberos.

• BDU:2026-06234Уязвимость функции krb5int_utf8_normalize() компонента ucstr.c сетевого протокола аутентификации Kerberos, позволяющая нарушителю получить доступ к конфиденциальным данным3.3May 4, 2026
• BDU:2026-06233Уязвимость функции uccanoncompatdecomp() компонента ucdata.c сетевого протокола аутентификации Kerberos, позволяющая нарушителю вызвать отказ в обслуживании5.8May 4, 2026
• BDU:2026-06232Уязвимость функции decode_krb5_flags() компонента asn1_k_encode.c сетевого протокола аутентификации Kerberos, позволяющая нарушителю вызвать отказ в обслуживании5.3May 4, 2026
• BDU:2026-06235Уязвимость функции get_mech_set() компонента spnego_mech.c сетевого протокола аутентификации Kerberos, позволяющая нарушителю вызвать отказ в обслуживании3.3May 4, 2026
• BDU:2026-06215Уязвимость функции krb5_chpw_message() сетевого протокола аутентификации Kerberos, позволяющая нарушителю вызвать отказ в обслуживании6.1May 4, 2026
• CVE-2025-24528In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of...7.1Jan 16, 2026
• CVE-2025-3576Krb5: kerberos rc4-hmac-md5 checksum vulnerability enabling message spoofing via md5 collisions5.9Apr 15, 2025
• CVE-2024-37370In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the appl...7.5Jun 28, 2024
• CVE-2024-37371In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.9.1Jun 28, 2024
• CVE-2024-26462Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.5.5Feb 26, 2024
• CVE-2024-26458Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.5.3Feb 26, 2024
• CVE-2024-26461Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.7.5Feb 26, 2024
• CVE-2023-36054lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs bec...6.5Aug 7, 2023
• CVE-2022-39028telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application...7.5Aug 30, 2022
• CVE-2021-37750The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server fi...6.5Aug 23, 2021