Lucene search

[email protected]NVD:CVE-2014-4343

HistoryAug 14, 2014 - 5:01 a.m.

CVE-2014-4343

2014-08-1405:01:49

CWE-415

[email protected]

web.nvd.nist.gov

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

Low

EPSS

0.033

Percentile

91.3%

JSON

Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator.

Affected configurations

Nvd

Node

debiandebian_linuxMatch7.0

Node

mitkerberos_5Match1.10

mitkerberos_5Match1.10.1

mitkerberos_5Match1.10.2

mitkerberos_5Match1.10.3

mitkerberos_5Match1.10.4

mitkerberos_5Match1.11

mitkerberos_5Match1.11.1

mitkerberos_5Match1.11.2

mitkerberos_5Match1.11.3

mitkerberos_5Match1.11.4

mitkerberos_5Match1.11.5

mitkerberos_5Match1.12

mitkerberos_5Match1.12.1

Node

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_hpc_nodeMatch7.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_workstationMatch7.0

VendorProductVersionCPE
debiandebian_linux7.0cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
mitkerberos_51.10cpe:2.3:a:mit:kerberos_5:1.10:*:*:*:*:*:*:*
mitkerberos_51.10.1cpe:2.3:a:mit:kerberos_5:1.10.1:*:*:*:*:*:*:*
mitkerberos_51.10.2cpe:2.3:a:mit:kerberos_5:1.10.2:*:*:*:*:*:*:*
mitkerberos_51.10.3cpe:2.3:a:mit:kerberos_5:1.10.3:*:*:*:*:*:*:*
mitkerberos_51.10.4cpe:2.3:a:mit:kerberos_5:1.10.4:*:*:*:*:*:*:*
mitkerberos_51.11cpe:2.3:a:mit:kerberos_5:1.11:*:*:*:*:*:*:*
mitkerberos_51.11.1cpe:2.3:a:mit:kerberos_5:1.11.1:*:*:*:*:*:*:*
mitkerberos_51.11.2cpe:2.3:a:mit:kerberos_5:1.11.2:*:*:*:*:*:*:*
mitkerberos_51.11.3cpe:2.3:a:mit:kerberos_5:1.11.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
debian	debian_linux	7.0	cpe:2.3:o:debian:debian_linux:7.0:::::::*
mit	kerberos_5	1.10	cpe:2.3:a:mit:kerberos_5:1.10:::::::*
mit	kerberos_5	1.10.1	cpe:2.3:a:mit:kerberos_5:1.10.1:::::::*
mit	kerberos_5	1.10.2	cpe:2.3:a:mit:kerberos_5:1.10.2:::::::*
mit	kerberos_5	1.10.3	cpe:2.3:a:mit:kerberos_5:1.10.3:::::::*
mit	kerberos_5	1.10.4	cpe:2.3:a:mit:kerberos_5:1.10.4:::::::*
mit	kerberos_5	1.11	cpe:2.3:a:mit:kerberos_5:1.11:::::::*
mit	kerberos_5	1.11.1	cpe:2.3:a:mit:kerberos_5:1.11.1:::::::*
mit	kerberos_5	1.11.2	cpe:2.3:a:mit:kerberos_5:1.11.2:::::::*
mit	kerberos_5	1.11.3	cpe:2.3:a:mit:kerberos_5:1.11.3:::::::*