CVE: CVE-2010-0629

Export to Word

Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.

Threat-Mapped Scoring

Score: 1.5

Priority: P4 - Informational (Low)

S10 – Denial of Service

EPSS

Score: 0.02284
Percentile: 0.84008

CVSS Scoring

CVSS v3.1 Score: 6.5

Severity: MEDIUM

Mapped CWE(s)

CWE-416 : Use After Free

Affected Products

cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:11.0:-:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*

← Back to Home