CVE-2011-0284

Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an e_data field containing typed data.
Severity
UNKNOWN
AV:N/AC:H/Au:N/C:C/I:C/A:C
Atk. Vector
NETWORK
Atk. Complexity
HIGH
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
VendorProductVersion
mitkerberos_5
1.7
mitkerberos_5
1.7.1
mitkerberos_5
1.8
mitkerberos_5
1.8.1
mitkerberos_5
1.8.2
mitkerberos_5
1.8.3
mitkerberos_5
1.9
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
krb5
bullseye (security)
1.18.3-6+deb11u5
fixed
bullseye
1.18.3-6+deb11u5
fixed
lenny
no-dsa
bookworm
1.20.1-2+deb12u2
fixed
bookworm (security)
1.20.1-2+deb12u2
fixed
sid
1.21.3-3
fixed
trixie
1.21.3-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
krb5
maverick
Fixed 1.8.1+dfsg-5ubuntu0.6
released
lucid
Fixed 1.8.1+dfsg-2ubuntu0.8
released
karmic
Fixed 1.7dfsg~beta3-1ubuntu0.12
released
hardy
not-affected
dapper
not-affected
Common Weakness Enumeration
References