CVE-2004-0642

MIT Kerberos 5 < 1.3.4 - Remote Code Execution via ASN.1 Decoder Double Free

Title source: llm
STIX 2.1

Description

Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.

References (13)

Core 13
Core References
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/795632
Broken Link vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000860
Broken Link, Third Party Advisory vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10709
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2004-350.html
Broken Link, Third Party Advisory vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4936
Broken Link vendor-advisory x_refsource_trustix
http://www.trustix.net/errata/2004/0045/
Mailing List, Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2004/dsa-543
Broken Link, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA04-247A.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200409-09.xml
Issue Tracking, Third Party Advisory mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=109508872524753&w=2
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/11078
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17157

Scores

EPSS 0.2676
EPSS Percentile 96.4%

Details

CWE
CWE-415
Status published
Products (5)
debian/debian_linux 3.0
mit/kerberos_5 < 1.3.4
redhat/enterprise_linux_desktop 3.0
redhat/enterprise_linux_server 3.0
redhat/enterprise_linux_workstation 3.0
Published Sep 28, 2004
Tracked Since Feb 18, 2026