VDB
CERTCC-2004-795632
CERTCC-2004-795632
PUBLISHED
The MIT Kerberos 5 library does not securely deallocate heap memory when decoding ASN.1 structures, resulting in double-free vulnerabilities. An unauthenticated, remote attacker could execute arbitrary code on a KDC server, which could compromise an entire Kerberos realm. An attacker may also be able to execute arbitrary code on Kerberos clients, or cause a denial of service on KDCs or clients.
Timeline
- Aug 31, 2004 CVE Published
- May 10, 2005 CVE Updated
- Mar 17, 2026 Security Advisory
References
- MIT Kerberos 5 ASN.1 decoding functions insecurely deallocate memory (double-free) url
- MIT Kerberos 5 ASN.1 decoding functions insecurely deallocate memory (double-free) url
- MIT Kerberos 5 ASN.1 decoding functions insecurely deallocate memory (double-free) url
- MIT Kerberos 5 ASN.1 decoding functions insecurely deallocate memory (double-free) url
- MIT Kerberos 5 ASN.1 decoding functions insecurely deallocate memory (double-free) url
- MIT Kerberos 5 ASN.1 decoding functions insecurely deallocate memory (double-free) url
- MIT Kerberos 5 ASN.1 decoding functions insecurely deallocate memory (double-free) url
- MIT Kerberos 5 ASN.1 decoding functions insecurely deallocate memory (double-free) url
- MIT Kerberos 5 ASN.1 decoding functions insecurely deallocate memory (double-free) advisory