CVE-2014-9421 — Use After Free in Kerberos 5

CWE-416 — Use After Free9 documents8 sources

Severity

9.0CRITICALNVD

EPSS

5.4%

top 9.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

MIT Krb5 MIT Kerberos 5

Timeline

PublishedFeb 19

Latest updateMay 13

Description

The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages2 packages

▶Debianmit/krb5< 1.12.1+dfsg-17+3

▶NVDmit/kerberos_510 versions+9

🔴Vulnerability Details

GHSA

GHSA-cv75-v3vc-j2vj: The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc↗2022-05-13

▶

CVEList

CVE-2014-9421: The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc↗2015-02-19

▶

OSV

CVE-2014-9421: The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc↗2015-02-19

▶

📋Vendor Advisories

Ubuntu

Kerberos vulnerabilities↗2015-02-10

▶

Red Hat

krb5: kadmind doubly frees partial deserialization results (MITKRB5-SA-2015-001)↗2015-02-03

▶

Debian

CVE-2014-9421: krb5 - The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerber...↗2014

▶

💬Community

Bugzilla

CVE-2014-5352 CVE-2014-9421 CVE-2014-9423 CVE-2014-9422 krb5: various flaws [fedora-all]↗2015-02-03

▶

Bugzilla

CVE-2014-9421 krb5: kadmind doubly frees partial deserialization results (MITKRB5-SA-2015-001)↗2015-01-07

▶