CVE-2012-1014

Name: CVE-2012-1014
Creator: NVD / NIST
Published: 2012-08-06T16:55:01.273+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 4.34%

Last modified Jun 16, 2026

CVE-2012-1014 is a vulnerability of currently unknown severity. The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a malformed AS-REQ request.. EPSS estimates a 4.34% chance of exploitation in the next 30 days.

Description

The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a malformed AS-REQ request.

Metrics

EPSS Probability

4.34%

89.9th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Mit	Kerberos 5	1.10
Mit	Kerberos 5	1.10.1
Mit	Kerberos 5	1.10.2

References

Timeline

Published: Aug 6, 2012
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2012-1014?

How severe is CVE-2012-1014?

Severity scoring for CVE-2012-1014 is pending analysis. The EPSS model estimates a 4.34% probability of exploitation in the next 30 days.

How do I fix CVE-2012-1014?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2012-1014?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST