CVE-2026-57914
Deferred Deferred - Pending Action

Apache Kerby Stack Overflow Denial of Service Vulnerability

Vulnerability report for CVE-2026-57914, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Apache Software Foundation

Description

By sending a deeply nested ASN1 structure to a Apache Kerby client or service, it's possible to trigger a StackOverFlow Exception which can lead to denial of service issues. Users are recommended to upgrade to version 2.1.2, which fixes this issue.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-07-16
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
apache kerby 2.1.2

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability occurs when a deeply nested ASN1 structure is sent to an Apache Kerby client or service. The deeply nested structure can trigger a StackOverflow Exception.

This exception can cause the affected service or client to crash or become unresponsive.

Detection Guidance

This vulnerability can be detected by monitoring for crashes or stack overflow exceptions in Apache Kerby clients or services when they process ASN1 data.

Since the issue is triggered by sending deeply nested ASN1 structures, detection can involve sending test ASN1 payloads designed to replicate the exploit conditions and observing if the service crashes or throws stack overflow exceptions.

No specific detection commands or tools are provided in the available resources.

Impact Analysis

The primary impact of this vulnerability is a denial of service condition.

An attacker could exploit this by sending a specially crafted deeply nested ASN1 structure to cause the Apache Kerby client or service to crash or stop functioning properly.

Compliance Impact

This vulnerability causes a denial of service (DoS) condition by triggering a StackOverflow Exception in Apache Kerby clients or services. While it impacts availability, it does not directly affect confidentiality or integrity of data.

Since the vulnerability does not lead to data breaches or unauthorized access, its impact on compliance with standards like GDPR or HIPAAβ€”which focus heavily on data protection and privacyβ€”is limited to potential availability concerns.

Organizations relying on Apache Kerby should consider that denial of service incidents could affect system availability requirements under these regulations, but there is no direct indication that this vulnerability compromises personal or protected health information.

Mitigation Strategies

To mitigate this vulnerability, users are recommended to upgrade to Apache Kerby version 2.1.2, which contains the fix for the issue.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57914. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart