CVE-2008-0947Improper Restriction of Operations within the Bounds of a Memory Buffer in Kerberos 5

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents8 sources
Severity
10.0CRITICALNVD
EPSS
45.1%
top 2.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
MIT Krb5MIT Kerberos 5
Timeline
PublishedMar 19
Latest updateMay 1

Description

Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

Debianmit/krb5< 1.6.dfsg.3~beta1-4+3
NVDmit/kerberos_513 versions+12

🔴Vulnerability Details

3
GHSA
GHSA-w9c3-3cvm-x4wm: Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 12022-05-01
CVEList
CVE-2008-0947: Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 12008-03-19
OSV
CVE-2008-0947: Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 12008-03-19

📋Vendor Advisories

3
Ubuntu
Kerberos vulnerabilities2008-03-19
Red Hat
krb5: file descriptor array overflow in RPC library2008-03-18
Debian
CVE-2008-0947: krb5 - Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos...2008

💬Community

2
Bugzilla
CVE-2008-0948 krb5: incorrect handling of high-numbered file descriptors in RPC library2008-02-27
Bugzilla
CVE-2008-0947 krb5: file descriptor array overflow in RPC library2008-02-20
CVE-2008-0947 — MIT Kerberos 5 vulnerability | cvebase