Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.24235
Percentile: 0.95826

CVSS Scoring

Mapped CWE(s)

• CWE-415 : Double Free

Affected Products

• cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
• cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
• cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:*
• cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:*

← Back to Home