CVE-2016-3119

Source
https://cve.org/CVERecord?id=CVE-2016-3119
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3119.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-3119
Downstream
Related
Published
2016-03-26T01:59:05.997Z
Modified
2026-07-08T12:05:59.670652Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

The processdbargs function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.

Database specific
{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "1.14.0"
                },
                {
                    "last_affected": "1.14.0"
                },
                {
                    "introduced": "1.14.0"
                },
                {
                    "last_affected": "1.14.0"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "mit:kerberos_5",
            "cpes": [
                "cpe:2.3:a:mit:kerberos_5:1.14.0:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "42.1"
                },
                {
                    "last_affected": "42.1"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "opensuse:leap",
            "cpes": [
                "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "13.2"
                },
                {
                    "last_affected": "13.2"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "opensuse:opensuse",
            "cpes": [
                "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*"
            ]
        }
    ]
}
References

Affected packages

Git / github.com/krb5/krb5

Affected ranges

Type
GIT
Repo
https://github.com/krb5/krb5
Events
Database specific
{
    "source": [
        "CPE_STRING",
        "REFERENCES"
    ],
    "cpe": [
        "cpe:2.3:a:mit:kerberos_5:1.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.0.6:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.1.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.2:beta1:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.2:beta2:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.2.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.2.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.2.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.2.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.2.6:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.2.7:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.2.8:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.3:alpha1:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.3.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.3.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.3.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.3.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.3.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.3.6:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.4.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.5.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.5.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.5.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.6:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.6.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.6.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.8.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.8.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.8.6:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.9:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.9.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.9.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.9.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.9.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.10:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.10.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.10.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.10.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.10.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.11:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.11.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.11.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.11.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.11.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.11.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.12:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.12.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.12.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.12.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.13:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.13.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.13.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.13.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.13.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.14:alpha1:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.14:beta1:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.14:beta2:*:*:*:*:*:*",
        "cpe:2.3:a:mit:kerberos_5:1.14.1:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "1.0"
        },
        {
            "last_affected": "1.0"
        },
        {
            "introduced": "1.0.6"
        },
        {
            "last_affected": "1.0.6"
        },
        {
            "introduced": "1.1"
        },
        {
            "last_affected": "1.1"
        },
        {
            "introduced": "1.1.1"
        },
        {
            "last_affected": "1.1.1"
        },
        {
            "introduced": "1.2"
        },
        {
            "last_affected": "1.2"
        },
        {
            "introduced": "1.2-beta1"
        },
        {
            "last_affected": "1.2-beta1"
        },
        {
            "introduced": "1.2-beta2"
        },
        {
            "last_affected": "1.2-beta2"
        },
        {
            "introduced": "1.2.1"
        },
        {
            "last_affected": "1.2.1"
        },
        {
            "introduced": "1.2.2"
        },
        {
            "last_affected": "1.2.2"
        },
        {
            "introduced": "1.2.3"
        },
        {
            "last_affected": "1.2.3"
        },
        {
            "introduced": "1.2.4"
        },
        {
            "last_affected": "1.2.4"
        },
        {
            "introduced": "1.2.5"
        },
        {
            "last_affected": "1.2.5"
        },
        {
            "introduced": "1.2.6"
        },
        {
            "last_affected": "1.2.6"
        },
        {
            "introduced": "1.2.7"
        },
        {
            "last_affected": "1.2.7"
        },
        {
            "introduced": "1.2.8"
        },
        {
            "last_affected": "1.2.8"
        },
        {
            "introduced": "1.3"
        },
        {
            "last_affected": "1.3"
        },
        {
            "introduced": "1.3-alpha1"
        },
        {
            "last_affected": "1.3-alpha1"
        },
        {
            "introduced": "1.3.1"
        },
        {
            "last_affected": "1.3.1"
        },
        {
            "introduced": "1.3.2"
        },
        {
            "last_affected": "1.3.2"
        },
        {
            "introduced": "1.3.3"
        },
        {
            "last_affected": "1.3.3"
        },
        {
            "introduced": "1.3.4"
        },
        {
            "last_affected": "1.3.4"
        },
        {
            "introduced": "1.3.5"
        },
        {
            "last_affected": "1.3.5"
        },
        {
            "introduced": "1.3.6"
        },
        {
            "last_affected": "1.3.6"
        },
        {
            "introduced": "1.4"
        },
        {
            "last_affected": "1.4"
        },
        {
            "introduced": "1.4.1"
        },
        {
            "last_affected": "1.4.1"
        },
        {
            "introduced": "1.4.2"
        },
        {
            "last_affected": "1.4.2"
        },
        {
            "introduced": "1.4.3"
        },
        {
            "last_affected": "1.4.3"
        },
        {
            "introduced": "1.4.4"
        },
        {
            "last_affected": "1.4.4"
        },
        {
            "introduced": "1.5"
        },
        {
            "last_affected": "1.5"
        },
        {
            "introduced": "1.5.1"
        },
        {
            "last_affected": "1.5.1"
        },
        {
            "introduced": "1.5.2"
        },
        {
            "last_affected": "1.5.2"
        },
        {
            "introduced": "1.5.3"
        },
        {
            "last_affected": "1.5.3"
        },
        {
            "introduced": "1.6"
        },
        {
            "last_affected": "1.6"
        },
        {
            "introduced": "1.6.1"
        },
        {
            "last_affected": "1.6.1"
        },
        {
            "introduced": "1.6.2"
        },
        {
            "last_affected": "1.6.2"
        },
        {
            "introduced": "1.7"
        },
        {
            "last_affected": "1.7"
        },
        {
            "introduced": "1.7.1"
        },
        {
            "last_affected": "1.7.1"
        },
        {
            "introduced": "1.8"
        },
        {
            "last_affected": "1.8"
        },
        {
            "introduced": "1.8.1"
        },
        {
            "last_affected": "1.8.1"
        },
        {
            "introduced": "1.8.2"
        },
        {
            "last_affected": "1.8.2"
        },
        {
            "introduced": "1.8.3"
        },
        {
            "last_affected": "1.8.3"
        },
        {
            "introduced": "1.8.4"
        },
        {
            "last_affected": "1.8.4"
        },
        {
            "introduced": "1.8.5"
        },
        {
            "last_affected": "1.8.5"
        },
        {
            "introduced": "1.8.6"
        },
        {
            "last_affected": "1.8.6"
        },
        {
            "introduced": "1.9"
        },
        {
            "last_affected": "1.9"
        },
        {
            "introduced": "1.9.1"
        },
        {
            "last_affected": "1.9.1"
        },
        {
            "introduced": "1.9.2"
        },
        {
            "last_affected": "1.9.2"
        },
        {
            "introduced": "1.9.3"
        },
        {
            "last_affected": "1.9.3"
        },
        {
            "introduced": "1.9.4"
        },
        {
            "last_affected": "1.9.4"
        },
        {
            "introduced": "1.10"
        },
        {
            "last_affected": "1.10"
        },
        {
            "introduced": "1.10.1"
        },
        {
            "last_affected": "1.10.1"
        },
        {
            "introduced": "1.10.2"
        },
        {
            "last_affected": "1.10.2"
        },
        {
            "introduced": "1.10.3"
        },
        {
            "last_affected": "1.10.3"
        },
        {
            "introduced": "1.10.4"
        },
        {
            "last_affected": "1.10.4"
        },
        {
            "introduced": "1.11"
        },
        {
            "last_affected": "1.11"
        },
        {
            "introduced": "1.11.1"
        },
        {
            "last_affected": "1.11.1"
        },
        {
            "introduced": "1.11.2"
        },
        {
            "last_affected": "1.11.2"
        },
        {
            "introduced": "1.11.3"
        },
        {
            "last_affected": "1.11.3"
        },
        {
            "introduced": "1.11.4"
        },
        {
            "last_affected": "1.11.4"
        },
        {
            "introduced": "1.11.5"
        },
        {
            "last_affected": "1.11.5"
        },
        {
            "introduced": "1.12"
        },
        {
            "last_affected": "1.12"
        },
        {
            "introduced": "1.12.1"
        },
        {
            "last_affected": "1.12.1"
        },
        {
            "introduced": "1.12.2"
        },
        {
            "last_affected": "1.12.2"
        },
        {
            "introduced": "1.12.3"
        },
        {
            "last_affected": "1.12.3"
        },
        {
            "introduced": "1.13"
        },
        {
            "last_affected": "1.13"
        },
        {
            "introduced": "1.13.1"
        },
        {
            "last_affected": "1.13.1"
        },
        {
            "introduced": "1.13.2"
        },
        {
            "last_affected": "1.13.2"
        },
        {
            "introduced": "1.13.3"
        },
        {
            "last_affected": "1.13.3"
        },
        {
            "introduced": "1.13.4"
        },
        {
            "last_affected": "1.13.4"
        },
        {
            "introduced": "1.14-alpha1"
        },
        {
            "last_affected": "1.14-alpha1"
        },
        {
            "introduced": "1.14-beta1"
        },
        {
            "last_affected": "1.14-beta1"
        },
        {
            "introduced": "1.14-beta2"
        },
        {
            "last_affected": "1.14-beta2"
        },
        {
            "introduced": "1.14.1"
        },
        {
            "last_affected": "1.14.1"
        }
    ]
}

Affected versions

1.*
1.0
1.0.6
1.1
1.1.1
1.10
1.10.1
1.10.2
1.10.3
1.10.4
1.11
1.11.1
1.11.2
1.11.3
1.11.4
1.11.5
1.12
1.12.1
1.12.2
1.12.3
1.13
1.13.1
1.13.2
1.13.3
1.13.4
1.14-alpha1
1.14-beta1
1.14-beta2
1.14.1
1.2
1.2-beta1
1.2-beta2
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.3
1.3-alpha1
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.4
1.4.1
1.4.2
1.4.3
1.4.4
1.5
1.5.1
1.5.2
1.5.3
1.6
1.6.1
1.6.2
1.7
1.7.1
1.8
1.8.1
1.8.2
1.8.3
1.8.4
1.8.5
1.8.6
1.9
1.9.1
1.9.2
1.9.3
1.9.4

Database specific

vanir_signatures_modified
"2026-07-08T12:05:59Z"
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3119.json"
vanir_signatures
[
    {
        "id": "CVE-2016-3119-69632881",
        "digest": {
            "function_hash": "182495350258615914864353268036573521388",
            "length": 1890.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/krb5/krb5/commit/08c642c09c38a9c6454ab43a9b53b2a89b9eef99",
        "deprecated": false,
        "target": {
            "function": "process_db_args",
            "file": "src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c"
        }
    },
    {
        "id": "CVE-2016-3119-cfff9bf4",
        "digest": {
            "line_hashes": [
                "24445841302081938003210580042065884435",
                "313536785405792098730377874457343453112",
                "48154515352199858062151739170266415443",
                "270282537340677201132454849868526947895"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/krb5/krb5/commit/08c642c09c38a9c6454ab43a9b53b2a89b9eef99",
        "deprecated": false,
        "target": {
            "file": "src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c"
        }
    }
]

Git / github.com/krb5/krb5-appl

Affected ranges

Type
GIT
Repo
https://github.com/krb5/krb5-appl
Events
Database specific
{
    "source": "CPE_STRING",
    "cpe": "cpe:2.3:a:mit:kerberos_5:1.0:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "1.0"
        },
        {
            "last_affected": "1.0"
        }
    ]
}

Affected versions

1.*
1.0
krb5-appl-1.*
krb5-appl-1.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3119.json"