CVE-2007-5972Improper Restriction of Operations within the Bounds of a Memory Buffer in Kerberos 5

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents8 sources
Severity
9.0CRITICALNVD
EPSS
1.9%
top 16.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
MIT Krb5MIT Kerberos 5
Timeline
PublishedDec 6
Latest updateMay 1

Description

Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must have privileges to store this key.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages2 packages

Debianmit/krb5< 1.6.dfsg.4~beta1-1+3

🔴Vulnerability Details

3
GHSA
GHSA-cpvg-gx3j-rfm4: Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default2022-05-01
OSV
CVE-2007-5972: Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default2007-12-06
CVEList
CVE-2007-5972: Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default2007-12-06

📋Vendor Advisories

4
Ubuntu
Kerberos vulnerabilities2010-05-19
Ubuntu
Kerberos vulnerabilities2010-04-07
Red Hat
krb5: double free in kdb lib2007-11-14
Debian
CVE-2007-5972: krb5 - Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_def...2007

💬Community

1
Bugzilla
CVE-2007-5972 krb5: double free in kdb lib2007-12-07
CVE-2007-5972 — MIT Kerberos 5 vulnerability | cvebase