CVE-2001-0035 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Kerberos

3 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.8%

top 25.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

KTH Kerberos

Timeline

PublishedFeb 16

Latest updateApr 30

Description

Buffer overflow in the kdc_reply_cipher function in KTH Kerberos IV allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long authentication request.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDkth/kth_kerberos4

Patches

Patch: archives.neohapsis.com ↗Patch: archives.neohapsis.com ↗Patch: archives.neohapsis.com ↗

🔴Vulnerability Details

GHSA

GHSA-hmx2-378q-q7c3: Buffer overflow in the kdc_reply_cipher function in KTH Kerberos IV allows remote attackers to cause a denial of service and possibly execute arbitrar↗2022-04-30

▶

CVEList

CVE-2001-0035: Buffer overflow in the kdc_reply_cipher function in KTH Kerberos IV allows remote attackers to cause a denial of service and possibly execute arbitrar↗2001-05-07

▶