CVE-2006-6143
published 2006-12-31

Priority: P336, critical, 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 7.93% (94.0th percentile)
The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

Affected

14 ranges
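| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| debian | krb5 | < krb5 1.4.4-6 (bookworm) | krb5 1.4.4-6 (bookworm) |
| mit | kerberos_5 | | |
| mit | kerberos_5 | | |
| mit | kerberos_5 | | |
| mit | kerberos_5 | | |
| mit | kerberos_5 | | |
| mit | kerberos_5 | | |
| mit | kerberos_5 | | |
| mit | krb5 | >= 0 < 1.4.4-6 | 1.4.4-6 |
| mit | krb5 | >= 0 < 1.4.4-6 | 1.4.4-6 |
| mit | krb5 | >= 0 < 1.4.4-6 | 1.4.4-6 |
| mit | krb5 | >= 0 < 1.4.4-6 | 1.4.4-6 |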

CVSS provenance

nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C
osv | 9.3 | CRITICAL
vendor_debian | 9.3 | HIGH
vendor_redhat | 9.3 | CRITICAL