{"id":"CVE-2016-3120","details":"The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.14.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.","modified":"2026-04-16T06:16:12.906458995Z","published":"2016-08-01T02:59:12.370Z","related":["SUSE-SU-2016:2136-1","openSUSE-SU-2024:10004-1"],"references":[{"type":"WEB","url":"http://web.mit.edu/kerberos/krb5-1.14/"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWL3KYFRJIX37EAM4DKCQQIQP2WBKL35/"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2016-09/msg00035.html"},{"type":"WEB","url":"http://web.mit.edu/kerberos/krb5-1.13/"},{"type":"WEB","url":"http://www.securityfocus.com/bid/92132"},{"type":"WEB","url":"http://www.securitytracker.com/id/1036442"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2591.html"},{"type":"REPORT","url":"http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458"},{"type":"FIX","url":"https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/krb5/krb5","events":[{"introduced":"0"},{"last_affected":"3165ae71ba685ff0f105383a2c2a27a76e8efac4"},{"introduced":"0"},{"last_affected":"2f5d3144379e251cb13797b92d47153e1ab51181"},{"introduced":"0"},{"last_affected":"7e4e051e3d2ebc06161475a42ded72c944308539"},{"introduced":"0"},{"last_affected":"233f46816c44bfa974d1d1092426ed7f8616991d"},{"introduced":"0"},{"last_affected":"6e3bc54c3d89a4a71ada3c93f110ab5f8d0b67c9"},{"introduced":"0"},{"last_affected":"1f78e158286d7cfce58fcf8dd482d81adfa3259c"},{"introduced":"0"},{"last_aff
ected":"68237c615782cc5fd0bc372e1fa24426399ab520"},{"introduced":"0"},{"last_affected":"48401c2c17364ebd90d3422d01a159ca16ea9548"},{"introduced":"0"},{"last_affected":"feb36cf045c4ecb5b3f0da04a86a85f2fdbf71a5"},{"introduced":"0"},{"last_affected":"68a03305111126a183dbd3779497ed9e00be6e0a"},{"fixed":"93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.13"},{"introduced":"0"},{"last_affected":"1.13.1"},{"introduced":"0"},{"last_affected":"1.13.2"},{"introduced":"0"},{"last_affected":"1.13.3"},{"introduced":"0"},{"last_affected":"1.13.4"},{"introduced":"0"},{"last_affected":"1.13.5"},{"introduced":"0"},{"last_affected":"1.13.6"},{"introduced":"0"},{"last_affected":"1.14"},{"introduced":"0"},{"last_affected":"1.14.1"},{"introduced":"0"},{"last_affected":"1.14.2"}]}}],"versions":["kfw-4.1-beta1","kfw-4.1-beta2","kfw-4.1-beta3","kfw-4.1-beta3-mit","krb5-1.13-alpha1","krb5-1.13-beta1","krb5-1.13-final","krb5-1.13.1-final","krb5-1.13.2-final","krb5-1.13.3-final","krb5-1.13.4-final","krb5-1.13.5-final","krb5-1.13.6-final","krb5-1.14-alpha1","krb5-1.14-beta1","krb5-1.14-beta2","krb5-1.14-final","krb5-1.14.1-final","krb5-1.14.2-final"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3120.json","vanir_signatures":[{"signature_type":"Function","target":{"function":"validate_as_request","file":"src/kdc/kdc_util.c"},"source":"https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7","id":"CVE-2016-3120-5b944c3f","digest":{"function_hash":"114832735742266611359956904032110077760","length":2440},"deprecated":false,"signature_version":"v1"},{"signature_type":"Line","target":{"file":"src/kdc/kdc_util.c"},"source":"https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7","id":"CVE-2016-3120-9c22472c","digest":{"threshold":0.9,"line_hashes":["188127353243240745192543305669040301596","230037708568997149536374049167456462409","300683
140533483817075971560559028595358","160102550585688257047493868450817751983"]},"deprecated":false,"signature_version":"v1"}],"vanir_signatures_modified":"2026-04-11T04:02:05Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}