The processdbargs function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
{
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "1.14.0"
},
{
"last_affected": "1.14.0"
},
{
"introduced": "1.14.0"
},
{
"last_affected": "1.14.0"
}
],
"source": "CPE_STRING",
"vendor_product": "mit:kerberos_5",
"cpes": [
"cpe:2.3:a:mit:kerberos_5:1.14.0:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"introduced": "42.1"
},
{
"last_affected": "42.1"
}
],
"source": "CPE_STRING",
"vendor_product": "opensuse:leap",
"cpes": [
"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"introduced": "13.2"
},
{
"last_affected": "13.2"
}
],
"source": "CPE_STRING",
"vendor_product": "opensuse:opensuse",
"cpes": [
"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*"
]
}
]
}{
"source": [
"CPE_STRING",
"REFERENCES"
],
"cpe": [
"cpe:2.3:a:mit:kerberos_5:1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.2:beta1:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.2:beta2:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.3:alpha1:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.3.4:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.3.5:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.3.6:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.5.3:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.6:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.8.4:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.8.6:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.9:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.9.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.9.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.9.3:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.9.4:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.10:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.10.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.10.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.10.3:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.10.4:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.11:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.11.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.11.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.11.3:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.11.4:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.11.5:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.12:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.12.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.12.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.12.3:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.13:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.13.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.13.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.13.3:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.13.4:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.14:alpha1:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.14:beta1:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.14:beta2:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.14.1:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "1.0"
},
{
"last_affected": "1.0"
},
{
"introduced": "1.0.6"
},
{
"last_affected": "1.0.6"
},
{
"introduced": "1.1"
},
{
"last_affected": "1.1"
},
{
"introduced": "1.1.1"
},
{
"last_affected": "1.1.1"
},
{
"introduced": "1.2"
},
{
"last_affected": "1.2"
},
{
"introduced": "1.2-beta1"
},
{
"last_affected": "1.2-beta1"
},
{
"introduced": "1.2-beta2"
},
{
"last_affected": "1.2-beta2"
},
{
"introduced": "1.2.1"
},
{
"last_affected": "1.2.1"
},
{
"introduced": "1.2.2"
},
{
"last_affected": "1.2.2"
},
{
"introduced": "1.2.3"
},
{
"last_affected": "1.2.3"
},
{
"introduced": "1.2.4"
},
{
"last_affected": "1.2.4"
},
{
"introduced": "1.2.5"
},
{
"last_affected": "1.2.5"
},
{
"introduced": "1.2.6"
},
{
"last_affected": "1.2.6"
},
{
"introduced": "1.2.7"
},
{
"last_affected": "1.2.7"
},
{
"introduced": "1.2.8"
},
{
"last_affected": "1.2.8"
},
{
"introduced": "1.3"
},
{
"last_affected": "1.3"
},
{
"introduced": "1.3-alpha1"
},
{
"last_affected": "1.3-alpha1"
},
{
"introduced": "1.3.1"
},
{
"last_affected": "1.3.1"
},
{
"introduced": "1.3.2"
},
{
"last_affected": "1.3.2"
},
{
"introduced": "1.3.3"
},
{
"last_affected": "1.3.3"
},
{
"introduced": "1.3.4"
},
{
"last_affected": "1.3.4"
},
{
"introduced": "1.3.5"
},
{
"last_affected": "1.3.5"
},
{
"introduced": "1.3.6"
},
{
"last_affected": "1.3.6"
},
{
"introduced": "1.4"
},
{
"last_affected": "1.4"
},
{
"introduced": "1.4.1"
},
{
"last_affected": "1.4.1"
},
{
"introduced": "1.4.2"
},
{
"last_affected": "1.4.2"
},
{
"introduced": "1.4.3"
},
{
"last_affected": "1.4.3"
},
{
"introduced": "1.4.4"
},
{
"last_affected": "1.4.4"
},
{
"introduced": "1.5"
},
{
"last_affected": "1.5"
},
{
"introduced": "1.5.1"
},
{
"last_affected": "1.5.1"
},
{
"introduced": "1.5.2"
},
{
"last_affected": "1.5.2"
},
{
"introduced": "1.5.3"
},
{
"last_affected": "1.5.3"
},
{
"introduced": "1.6"
},
{
"last_affected": "1.6"
},
{
"introduced": "1.6.1"
},
{
"last_affected": "1.6.1"
},
{
"introduced": "1.6.2"
},
{
"last_affected": "1.6.2"
},
{
"introduced": "1.7"
},
{
"last_affected": "1.7"
},
{
"introduced": "1.7.1"
},
{
"last_affected": "1.7.1"
},
{
"introduced": "1.8"
},
{
"last_affected": "1.8"
},
{
"introduced": "1.8.1"
},
{
"last_affected": "1.8.1"
},
{
"introduced": "1.8.2"
},
{
"last_affected": "1.8.2"
},
{
"introduced": "1.8.3"
},
{
"last_affected": "1.8.3"
},
{
"introduced": "1.8.4"
},
{
"last_affected": "1.8.4"
},
{
"introduced": "1.8.5"
},
{
"last_affected": "1.8.5"
},
{
"introduced": "1.8.6"
},
{
"last_affected": "1.8.6"
},
{
"introduced": "1.9"
},
{
"last_affected": "1.9"
},
{
"introduced": "1.9.1"
},
{
"last_affected": "1.9.1"
},
{
"introduced": "1.9.2"
},
{
"last_affected": "1.9.2"
},
{
"introduced": "1.9.3"
},
{
"last_affected": "1.9.3"
},
{
"introduced": "1.9.4"
},
{
"last_affected": "1.9.4"
},
{
"introduced": "1.10"
},
{
"last_affected": "1.10"
},
{
"introduced": "1.10.1"
},
{
"last_affected": "1.10.1"
},
{
"introduced": "1.10.2"
},
{
"last_affected": "1.10.2"
},
{
"introduced": "1.10.3"
},
{
"last_affected": "1.10.3"
},
{
"introduced": "1.10.4"
},
{
"last_affected": "1.10.4"
},
{
"introduced": "1.11"
},
{
"last_affected": "1.11"
},
{
"introduced": "1.11.1"
},
{
"last_affected": "1.11.1"
},
{
"introduced": "1.11.2"
},
{
"last_affected": "1.11.2"
},
{
"introduced": "1.11.3"
},
{
"last_affected": "1.11.3"
},
{
"introduced": "1.11.4"
},
{
"last_affected": "1.11.4"
},
{
"introduced": "1.11.5"
},
{
"last_affected": "1.11.5"
},
{
"introduced": "1.12"
},
{
"last_affected": "1.12"
},
{
"introduced": "1.12.1"
},
{
"last_affected": "1.12.1"
},
{
"introduced": "1.12.2"
},
{
"last_affected": "1.12.2"
},
{
"introduced": "1.12.3"
},
{
"last_affected": "1.12.3"
},
{
"introduced": "1.13"
},
{
"last_affected": "1.13"
},
{
"introduced": "1.13.1"
},
{
"last_affected": "1.13.1"
},
{
"introduced": "1.13.2"
},
{
"last_affected": "1.13.2"
},
{
"introduced": "1.13.3"
},
{
"last_affected": "1.13.3"
},
{
"introduced": "1.13.4"
},
{
"last_affected": "1.13.4"
},
{
"introduced": "1.14-alpha1"
},
{
"last_affected": "1.14-alpha1"
},
{
"introduced": "1.14-beta1"
},
{
"last_affected": "1.14-beta1"
},
{
"introduced": "1.14-beta2"
},
{
"last_affected": "1.14-beta2"
},
{
"introduced": "1.14.1"
},
{
"last_affected": "1.14.1"
}
]
}"2026-07-08T12:05:59Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3119.json"
[
{
"id": "CVE-2016-3119-69632881",
"digest": {
"function_hash": "182495350258615914864353268036573521388",
"length": 1890.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/krb5/krb5/commit/08c642c09c38a9c6454ab43a9b53b2a89b9eef99",
"deprecated": false,
"target": {
"function": "process_db_args",
"file": "src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c"
}
},
{
"id": "CVE-2016-3119-cfff9bf4",
"digest": {
"line_hashes": [
"24445841302081938003210580042065884435",
"313536785405792098730377874457343453112",
"48154515352199858062151739170266415443",
"270282537340677201132454849868526947895"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/krb5/krb5/commit/08c642c09c38a9c6454ab43a9b53b2a89b9eef99",
"deprecated": false,
"target": {
"file": "src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c"
}
}
]