Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2010-1320 — Use After Free in Kerberos 5
Severity
4.0 MEDIUM (NVD)
EPSS
22.1%
top 4.20%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Apr 22
Latest update: May 2
Description
Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation.
CVSS vector
AV:N/AC:L/C:N/I:N/A:P
Exploitability: 8.0 | Impact: 2.9
Affected Packages: 2 packages
Vulnerability Details (3)
Exploits & PoCs (2)
Vendor Advisories (3)
Community (4)
Bugzilla
CVE-2011-0284 krb5 (krb5kdc): Double-free flaw by handling error messages upon receiving certain AS_REQ's (MITKRB5-SA-2011-003), 2011-02-01