CVE-2009-0846 — Access of Uninitialized Pointer in Kerberos 5
Severity
10.0 CRITICAL (NVD)
EPSS
50.0%
top 2.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 9
Latest update: May 2
Description
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.
CVSS vector
AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0
Affected Packages: 6 packages
Also affects: Fedora 10, 9, Ubuntu Linux 6.06, 7.10, 8.04, 8.10, Enterprise Linux 4.0, 4.7