CVE-2009-0847 — Improper Handling of Length Parameter Inconsistency in Kerberos

CWE-189 CWE-130 — Improper Handling of Length Parameter Inconsistency CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents8 sources

Severity

4.3MEDIUMNVD

EPSS

20.3%

top 4.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

MIT Krb5 MIT Kerberos

Timeline

PublishedApr 9

Latest updateMay 2

Description

The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶Debianmit/krb5< 1.6.dfsg.4~beta1-13+3

▶NVDmit/kerberos5-1.6.3

🔴Vulnerability Details

GHSA

GHSA-ph4p-rhxr-85rq: The asn1buf_imbed function in the ASN↗2022-05-02

▶

CVEList

CVE-2009-0847: The asn1buf_imbed function in the ASN↗2009-04-09

▶

OSV

CVE-2009-0847: The asn1buf_imbed function in the ASN↗2009-04-09

▶

📋Vendor Advisories

Red Hat

krb5: incorrect length check inside ASN.1 decoder (MITKRB5-SA-2009-001)↗2009-04-07

▶

Ubuntu

Kerberos vulnerabilities↗2009-04-07

▶

Debian

CVE-2009-0847: krb5 - The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6...↗2009

▶

💬Community

Bugzilla

CVE-2009-0847 krb5: incorrect length check inside ASN.1 decoder (MITKRB5-SA-2009-001)↗2009-03-19

▶

Bugzilla

CVE-2009-0844 krb5: buffer over-read in SPNEGO GSS-API mechanism (MITKRB5-SA-2009-001)↗2009-03-19

▶