CVE-2009-0844 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Kerberos

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents8 sources

Severity

5.8MEDIUMNVD

EPSS

3.4%

top 12.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

MIT Krb5 MIT Kerberos MIT Kerberos 5

Timeline

PublishedApr 9

Latest updateMay 2

Description

The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read.

CVSS vector

AV:N/AC:M/C:P/I:N/A:PExploitability: 8.6 | Impact: 4.9

Affected Packages3 packages

▶Debianmit/krb5< 1.6.dfsg.4~beta1-13+3

▶NVDmit/kerberos5-1.6.3

▶NVDmit/kerberos_57 versions+6

🔴Vulnerability Details

GHSA

GHSA-4h8p-gqwx-mmw3: The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1↗2022-05-02

▶

OSV

CVE-2009-0844: The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1↗2009-04-09

▶

CVEList

CVE-2009-0844: The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1↗2009-04-09

▶

📋Vendor Advisories

Ubuntu

Kerberos vulnerabilities↗2009-04-07

▶

Red Hat

krb5: buffer over-read in SPNEGO GSS-API mechanism (MITKRB5-SA-2009-001)↗2009-04-07

▶

Debian

CVE-2009-0844: krb5 - The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka...↗2009

▶

💬Community

Bugzilla

CVE-2009-0844 krb5: buffer over-read in SPNEGO GSS-API mechanism (MITKRB5-SA-2009-001)↗2009-03-19

▶