CVE-2011-0284

2011-03-2002:00:03

CWE-399

mitre

web.nvd.nist.gov

cve

mit kerberos 5

double free vulnerability

pkinit

denial of service

execute arbitrary code

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

AI Score

6.3

Confidence

High

EPSS

0.356

Percentile

97.2%

JSON

Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an e_data field containing typed data.

Affected configurations

Nvd

Node

mitkerberos_5Match1.7

mitkerberos_5Match1.7.1

mitkerberos_5Match1.8

mitkerberos_5Match1.8.1

mitkerberos_5Match1.8.2

mitkerberos_5Match1.8.3

mitkerberos_5Match1.9

VendorProductVersionCPE
mitkerberos_51.7cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*
mitkerberos_51.7.1cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*
mitkerberos_51.8cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*
mitkerberos_51.8.1cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*
mitkerberos_51.8.2cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*
mitkerberos_51.8.3cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*
mitkerberos_51.9cpe:2.3:a:mit:kerberos_5:1.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mit	kerberos_5	1.7	cpe:2.3:a:mit:kerberos_5:1.7:::::::*
mit	kerberos_5	1.7.1	cpe:2.3:a:mit:kerberos_5:1.7.1:::::::*
mit	kerberos_5	1.8	cpe:2.3:a:mit:kerberos_5:1.8:::::::*
mit	kerberos_5	1.8.1	cpe:2.3:a:mit:kerberos_5:1.8.1:::::::*
mit	kerberos_5	1.8.2	cpe:2.3:a:mit:kerberos_5:1.8.2:::::::*
mit	kerberos_5	1.8.3	cpe:2.3:a:mit:kerberos_5:1.8.3:::::::*
mit	kerberos_5	1.9	cpe:2.3:a:mit:kerberos_5:1.9:::::::*