CVE-2005-1689 — Double Free in Kerberos 5

CWE-415 — Double Free CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents8 sources

Severity

9.8CRITICALNVD

EPSS

55.2%

top 1.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

MIT Krb5 Apple MAC OS X Apple MAC OS X Server +2 more

Timeline

PublishedJul 18

Latest updateMay 3

Description

Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶Debianmit/krb5< 1.3.6-4+3

▶NVDmit/kerberos_51.4.1

▶NVDapple/mac_os_x< 10.4.2

▶NVDapple/mac_os_x_server< 10.4.2

Also affects: Debian Linux 3.0, 3.1

Patches

Patch: marc.info ↗Patch: web.mit.edu ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-8mfg-j523-2x92: Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1↗2022-05-03

▶

OSV

CVE-2005-1689: Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1↗2005-07-18

▶

CVEList

CVE-2005-1689: Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1↗2005-07-17

▶

📋Vendor Advisories

Ubuntu

Kerberos vulnerabilities↗2005-12-06

▶

Red Hat

security flaw↗2005-07-12

▶

Debian

CVE-2005-1689: krb5 - Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5)...↗2005

▶

💬Community

Bugzilla

CVE-2005-1689 security flaw↗2018-08-16

▶