Primary

Context

MIT Kerberos 5 Null Pointer Dereference Vulnerability in NegoEx Mechanism

Vulnerability

Patched

A null pointer dereference vulnerability has been identified in MIT Kerberos 5 versions prior to 1.22.3. The issue arises when an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered. An unauthenticated remote attacker can exploit this vulnerability, leading to a process termination.

Impact

Exploitation of this vulnerability causes a null pointer dereference, resulting in a process crash.

Remediation

Users can apply the upstream patch available in commit 2e75f0d or update to a version containing the fix.

Added: Apr 28, 2026, 6:26 AM

Updated: Apr 28, 2026, 6:26 AM

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

0.6

exploitability

9.1

remediation

7.7

relevance

6.9

threat

6.4

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

0.6

exploitability

9.1

remediation

7.7

relevance

6.9

threat

6.4

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MIT Kerberos 5 Null Pointer Dereference Vulnerability in NegoEx Mechanism

Vulnerability

Impact

Remediation

Affected Products

MIT Kerberos 5

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating