CVE-2019-14844
moderate-risk
Published 2019-09-26
A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC.
Do I need to act?
!
11.7% chance of exploitation in next 30 days
EPSS score — higher than 88% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ LOW complexity
Affected Products (4)
Affected Vendors
References (12)
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14844
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220325-0003/
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14844
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220325-0003/
47
/ 100
moderate-risk
Severity
26/34 · High
Exploitability
11/34 · Low
Exposure
10/34 · Low