CVE-2007-5971 — Double Free in Kerberos 5

CWE-3999 documents8 sources

Severity

6.9MEDIUMNVD

EPSS

0.1%

top 76.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

MIT Krb5 MIT Kerberos 5

Timeline

PublishedDec 6

Latest updateMay 1

Description

Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages2 packages

▶Debianmit/krb5< 1.6.dfsg.4~beta1-1+3

▶NVDmit/kerberos_51.6.3_kdc

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-mmmq-7mrq-vp86: Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3↗2022-05-01

▶

CVEList

CVE-2007-5971: Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3↗2007-12-06

▶

OSV

CVE-2007-5971: Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3↗2007-12-06

▶

📋Vendor Advisories

Ubuntu

Kerberos vulnerabilities↗2010-05-19

▶

Ubuntu

Kerberos vulnerabilities↗2010-04-07

▶

Red Hat

krb5: double free in gssapi lib↗2007-11-14

▶

Debian

CVE-2007-5971: krb5 - Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/...↗2007

▶

💬Community

Bugzilla

CVE-2007-5971 krb5: double free in gssapi lib↗2007-12-07

▶