CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
EPSS
Percentile
97.2%
An advisory published by the MIT Kerberos team says:
The MIT Kerberos 5 Key Distribution Center (KDC) daemon is
vulnerable to a double-free condition if the Public Key
Cryptography for Initial Authentication (PKINIT) capability is
enabled, resulting in daemon crash or arbitrary code execution
(which is believed to be difficult).
An unauthenticated remote attacker can induce a double-free
event, causing the KDC daemon to crash (denial of service),
or to execute arbitrary code. Exploiting a double-free event
to execute arbitrary code is believed to be difficult.