CVE-2004-0642 — Double Free in Kerberos 5

CWE-415 — Double Free9 documents8 sources

Severity

7.5HIGHNVD

EPSS

25.8%

top 3.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

MIT Krb5 MIT Kerberos 5 Debian Linux +3 more

Timeline

PublishedSep 28

Latest updateApr 29

Description

Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages5 packages

▶Debianmit/krb5< 1.3.4-3+3

▶NVDmit/kerberos_51.3.4

▶NVDredhat/enterprise_linux_server3.0

▶NVDredhat/enterprise_linux_desktop3.0

▶NVDredhat/enterprise_linux_workstation3.0

Also affects: Debian Linux 3.0

Patches

Patch: web.mit.edu ↗Patch: web.mit.edu ↗

🔴Vulnerability Details

GHSA

GHSA-9vx5-gccr-9gr3: Double free vulnerabilities in the error handling code for ASN↗2022-04-29

▶

OSV

CVE-2004-0642: Double free vulnerabilities in the error handling code for ASN↗2004-09-28

▶

CVEList

CVE-2004-0642: Double free vulnerabilities in the error handling code for ASN↗2004-09-10

▶

📋Vendor Advisories

Red Hat

security flaw↗2004-08-31

▶

Cisco

Vulnerabilities in Kerberos 5 Implementation↗2004-08-31

▶

Debian

CVE-2004-0642: krb5 - Double free vulnerabilities in the error handling code for ASN.1 decoders in the...↗2004

▶

💬Community

Bugzilla

CVE-2004-0642 security flaw↗2018-08-16

▶