CVE-2007-5901 — Use After Free in Kerberos 5

CWE-399 CWE-416 — Use After Free8 documents8 sources

Severity

6.9MEDIUMNVD

EPSS

0.1%

top 70.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

MIT Krb5 MIT Kerberos 5

Timeline

PublishedDec 6

Latest updateMay 1

Description

Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages2 packages

▶Debianmit/krb5< 1.6.dfsg.4~beta1-1+3

▶NVDmit/kerberos_51.6.3_kdc

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-qxh5-j4mp-pchg: Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize↗2022-05-01

▶

CVEList

CVE-2007-5901: Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize↗2007-12-06

▶

OSV

CVE-2007-5901: Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize↗2007-12-06

▶

📋Vendor Advisories

Ubuntu

Kerberos vulnerabilities↗2010-04-07

▶

Red Hat

krb5: use-after-free in gssapi lib↗2007-11-14

▶

Debian

CVE-2007-5901: krb5 - Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/me...↗2007

▶

💬Community

Bugzilla

CVE-2007-5901 krb5: use-after-free in gssapi lib↗2007-12-07

▶