Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Kerberos | Mit | 5-1.6.3 (including) | 5-1.6.3 (including) |
| Kerberos_5 | Mit | 1.3 (including) | 1.3 (including) |
| Kerberos_5 | Mit | 1.3.1 (including) | 1.3.1 (including) |
| Kerberos_5 | Mit | 1.3.2 (including) | 1.3.2 (including) |
| Kerberos_5 | Mit | 1.3.3 (including) | 1.3.3 (including) |
| Kerberos_5 | Mit | 1.3.4 (including) | 1.3.4 (including) |
| Kerberos_5 | Mit | 1.3.5 (including) | 1.3.5 (including) |
| Kerberos_5 | Mit | 1.3.6 (including) | 1.3.6 (including) |
| Kerberos_5 | Mit | 1.4 (including) | 1.4 (including) |
| Kerberos_5 | Mit | 1.4.1 (including) | 1.4.1 (including) |
| Kerberos_5 | Mit | 1.4.2 (including) | 1.4.2 (including) |
| Kerberos_5 | Mit | 1.4.3 (including) | 1.4.3 (including) |
| Kerberos_5 | Mit | 1.4.4 (including) | 1.4.4 (including) |
| Kerberos_5 | Mit | 1.5 (including) | 1.5 (including) |
| Kerberos_5 | Mit | 1.5.1 (including) | 1.5.1 (including) |
| Kerberos_5 | Mit | 1.5.2 (including) | 1.5.2 (including) |
| Kerberos_5 | Mit | 1.5.3 (including) | 1.5.3 (including) |
| Kerberos_5 | Mit | 1.6 (including) | 1.6 (including) |
| Kerberos_5 | Mit | 1.6.1 (including) | 1.6.1 (including) |
| Kerberos_5 | Mit | 1.6.2 (including) | 1.6.2 (including) |
| Kerberos_5 | Mit | 1.7 (including) | 1.7 (including) |