Greg Pryzby

**Name of the Vulnerable Software and Affected Versions** krb5-workstation versions 1.1.1 through 1.2.2 krb5-devel versions 1.1.1 through 1.2.2 krb5-configs version 1.1.1 krb5-server versions 1.1.1 through 1.2.2 krb5-libs version 1.1.1 MIT Kerberos V5 Key Distribution Center (KDC) versions prior to 1.2.5 **Description** The issue affects the confidentiality, integrity, and availability of protected information. Exploitation of the vulnerabilities can be done remotely. The MIT Kerberos V5 Key Distribution Center (KDC) is vulnerable to a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference. **Recommendations** For krb5-workstation versions 1.1.1 through 1.2.2, update to a version later than 1.2.2. For krb5-devel versions 1.1.1 through 1.2.2, update to a version later than 1.2.2. For krb5-configs version 1.1.1, update to a version later than 1.1.1. For krb5-server versions 1.1.1 through 1.2.2, update to a version later than 1.2.2. For krb5-libs version 1.1.1, update to a version later than 1.1.1. For MIT Kerberos V5 Key Distribution Center (KDC) versions prior to 1.2.5, update to version 1.2.5 or later.