Pam Krb5project Pam Krb5
stack.watch can notify you when security vulnerabilities are reported in Pam Krb5project Pam Krb5. You can add multiple products that you use with Pam Krb5 to create your own personal software stack watcher.
By the Year
In 2020 there have been 1 vulnerability in Pam Krb5project Pam Krb5 with an average score of 9.8 out of ten. Last year Pam Krb5 had 0 security vulnerabilities published. That is, 1 more vulnerability have already been reported in 2020 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2020 | 1 | 9.80 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Pam Krb5 vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.
Latest Pam Krb5project Pam Krb5 Security Vulnerabilities
pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library
CVE-2020-10595
9.8 - Critical
- March 31, 2020
pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a single '\0' byte if an attacker responds to a prompt with an answer of a carefully chosen length. The effect may range from heap corruption to stack corruption depending on the structure of the underlying Kerberos library, with unknown effects but possibly including code execution. This code path is not used for normal authentication, but only when the Kerberos library does supplemental prompting, such as with PKINIT or when using the non-standard no_prompt PAM configuration option.
buffer overrun