CVE-2014-4343
Published 2014-08-14
High 7.6 (CVSS 3.1)
AV:N/AC:H/Au:N/C:C/I:C/A:C
Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | krb5 | < krb5 1.12.1+dfsg-5 (bookworm) | krb5 1.12.1+dfsg-5 (bookworm) |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | krb5 | >= 0 < 1.12.1+dfsg-5 | 1.12.1+dfsg-5 |
| mit | krb5 | >= 0 < 1.12.1+dfsg-5 | 1.12.1+dfsg-5 |
| mit | krb5 | >= 0 < 1.12.1+dfsg-5 | 1.12.1+dfsg-5 |
| mit | krb5 | >= 0 < 1.12.1+dfsg-5 | 1.12.1+dfsg-5 |
| mit | krb5 | >= 0 < 1.12+dfsg-2ubuntu4.2 | 1.12+dfsg-2ubuntu4.2 |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_hpc_node | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd | 7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
| osv | 7.6 | HIGH | — |