The validateasrequest function in kdcutil.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrictanonymoustotgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.
{
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "1.13"
},
{
"last_affected": "1.13"
}
],
"source": "CPE_STRING",
"vendor_product": "mit:kerberos_5",
"cpes": [
"cpe:2.3:a:mit:kerberos_5:1.13:*:*:*:*:*:*:*"
]
}
]
}{
"source": [
"CPE_STRING",
"REFERENCES"
],
"cpe": [
"cpe:2.3:a:mit:kerberos_5:1.13:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.13.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.13.2:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.13.3:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.13.4:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.13.5:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.13.6:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.14:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.14.1:*:*:*:*:*:*:*",
"cpe:2.3:a:mit:kerberos_5:1.14.2:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "1.13"
},
{
"last_affected": "1.13"
},
{
"introduced": "1.13.1"
},
{
"last_affected": "1.13.1"
},
{
"introduced": "1.13.2"
},
{
"last_affected": "1.13.2"
},
{
"introduced": "1.13.3"
},
{
"last_affected": "1.13.3"
},
{
"introduced": "1.13.4"
},
{
"last_affected": "1.13.4"
},
{
"introduced": "1.13.5"
},
{
"last_affected": "1.13.5"
},
{
"introduced": "1.13.6"
},
{
"last_affected": "1.13.6"
},
{
"introduced": "1.14"
},
{
"last_affected": "1.14"
},
{
"introduced": "1.14.1"
},
{
"last_affected": "1.14.1"
},
{
"introduced": "1.14.2"
},
{
"last_affected": "1.14.2"
}
]
}"2026-07-08T12:41:11Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3120.json"
[
{
"id": "CVE-2016-3120-5b944c3f",
"digest": {
"function_hash": "114832735742266611359956904032110077760",
"length": 2440.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7",
"deprecated": false,
"target": {
"function": "validate_as_request",
"file": "src/kdc/kdc_util.c"
}
},
{
"id": "CVE-2016-3120-9c22472c",
"digest": {
"line_hashes": [
"188127353243240745192543305669040301596",
"230037708568997149536374049167456462409",
"300683140533483817075971560559028595358",
"160102550585688257047493868450817751983"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7",
"deprecated": false,
"target": {
"file": "src/kdc/kdc_util.c"
}
}
]