CVE-2026-57914
Status: Deferred - Pending Action
Apache Kerby Stack Overflow Denial of Service Vulnerability

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Apache Software Foundation

Description
By sending a deeply nested ASN1 structure to an Apache Kerby client or service, it's possible to trigger a StackOverFlow Exception which can lead to denial of service issues. Users are recommended to upgrade to version 2.1.2, which fixes this issue.
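The failure mode described above is the classic CWE-400 recursion problem: a TLV decoder that recurses once per nesting level has no bound other than the thread's stack, so attacker-controlled nesting depth becomes a crash. The example below is added here for illustration and is not Apache Kerby's code or its fix (Kerby is written in Java; the pattern is language-neutral, so Python is used so that it runs stand-alone). It implements a minimal BER/DER walker that rejects input nesting beyond an assumed limit of 32 levels with a clean error, builds its own constructed test input (a chain of SEQUENCEs around one INTEGER), and classifies how the decoder reacts with and without the limit.

```python
"""Bounded-depth BER/DER TLV walker (added illustration, not Kerby's code).

Shows why a recursive ASN.1 decoder must cap nesting depth: without a cap,
deep nesting exhausts the call stack (RecursionError here, StackOverflowError
in a JVM); with a cap, the same input is rejected with an ordinary exception
that the caller can log and handle.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import List, Optional, Tuple

CONSTRUCTED_BIT = 0x20     # bit 6 of the identifier octet: constructed encoding
TAG_INTEGER = 0x02         # UNIVERSAL 2, primitive
TAG_SEQUENCE = 0x30        # UNIVERSAL 16, constructed
DEFAULT_MAX_DEPTH = 32     # assumed limit for this example; tune per protocol


class NestingTooDeep(ValueError):
    """Raised when the encoded structure nests deeper than the caller allows."""


@dataclass
class Node:
    tag: int
    value: bytes = b""                                    # primitive contents
    children: List["Node"] = field(default_factory=list)  # constructed contents


def encode_length(n: int) -> bytes:
    """DER length: short form below 0x80, otherwise 0x8N followed by N big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + encode_length(len(content)) + content


def nest_sequences(wrappers: int) -> bytes:
    """Constructed sample input: `wrappers` SEQUENCEs wrapped around one INTEGER 1."""
    data = tlv(TAG_INTEGER, b"\x01")
    for _ in range(wrappers):
        data = tlv(TAG_SEQUENCE, data)
    return data


def _read_length(data: bytes, pos: int) -> Tuple[int, int]:
    first = data[pos]
    pos += 1
    if first < 0x80:
        return first, pos
    n = first & 0x7F
    if n == 0 or n > 4:                       # indefinite or absurdly wide length
        raise ValueError("indefinite or oversized length")
    if pos + n > len(data):
        raise ValueError("truncated length")
    return int.from_bytes(data[pos:pos + n], "big"), pos + n


def _parse(data: bytes, pos: int, depth: int, max_depth: Optional[int]) -> Tuple[Node, int]:
    # The guard: check depth before doing any work at this level.
    if max_depth is not None and depth > max_depth:
        raise NestingTooDeep(f"nesting exceeds {max_depth} levels")
    if pos >= len(data):
        raise ValueError("truncated TLV")
    tag = data[pos]
    length, pos = _read_length(data, pos + 1)
    end = pos + length
    if end > len(data):
        raise ValueError("length runs past end of input")
    node = Node(tag)
    if tag & CONSTRUCTED_BIT:
        while pos < end:                      # one recursion per nested element
            child, pos = _parse(data, pos, depth + 1, max_depth)
            node.children.append(child)
    else:
        node.value = data[pos:end]
    return node, end


def decode(data: bytes, max_depth: Optional[int] = DEFAULT_MAX_DEPTH) -> Node:
    """Decode one top-level TLV; max_depth=None disables the guard (unsafe)."""
    node, end = _parse(data, 0, 1, max_depth)
    if end != len(data):
        raise ValueError("trailing bytes after top-level TLV")
    return node


def nesting_depth(node: Node) -> int:
    return 1 + max((nesting_depth(c) for c in node.children), default=0)


def outcome(wrappers: int, max_depth: Optional[int]) -> str:
    """Classify the decoder's reaction: 'ok', 'rejected' (clean error) or 'stack-overflow'."""
    try:
        decode(nest_sequences(wrappers), max_depth)
        return "ok"
    except NestingTooDeep:
        return "rejected"
    except RecursionError:
        return "stack-overflow"


if __name__ == "__main__":
    print("8 levels, limit 32:    ", outcome(8, 32))        # ok
    print("64 levels, limit 32:   ", outcome(64, 32))       # rejected
    print("5000 levels, no limit: ", outcome(5000, None))   # stack-overflow
```

The point of the design is that the guard sits at the top of the recursive function, so the cost of a hostile message is bounded by `max_depth` frames regardless of input size, and the failure surfaces as a catchable application error rather than a thread death. The limit should be set from the protocol's real maximum nesting (Kerberos messages are shallow) rather than from the platform's stack size.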
Affected Vendors & Products
Vendor: apache
Product: kerby
Version / Range: 2.1.2
CWE
CWE-400: The product does not properly control the allocation and maintenance of a limited resource.
AI Quick Actions
Executive Summary

This vulnerability occurs when a deeply nested ASN1 structure is sent to an Apache Kerby client or service. The deeply nested structure can trigger a StackOverflow Exception.

This exception can cause the affected service or client to crash or become unresponsive.

Impact Analysis

The primary impact of this vulnerability is a denial of service condition.

An attacker could exploit this by sending a specially crafted deeply nested ASN1 structure to cause the Apache Kerby client or service to crash or stop functioning properly.

Mitigation Strategies

To mitigate this vulnerability, users are recommended to upgrade to Apache Kerby version 2.1.2, which contains the fix for the issue.

Compliance Impact

This vulnerability causes a denial of service (DoS) condition by triggering a StackOverflow Exception in Apache Kerby clients or services. While it impacts availability, it does not directly affect confidentiality or integrity of data.

Since the vulnerability does not lead to data breaches or unauthorized access, its impact on compliance with standards like GDPR or HIPAA, which focus heavily on data protection and privacy, is limited to potential availability concerns.

Organizations relying on Apache Kerby should consider that denial of service incidents could affect system availability requirements under these regulations, but there is no direct indication that this vulnerability compromises personal or protected health information.
