CVE-2004-0642
PUBLISHED
CVSS 7.5 HIGH
Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.
Risk Scores
- CVSS 2.0: 7.5
- EPSS Score: 26.76% (96.5th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| redhat | enterprise_linux_desktop | 3.0 |
| redhat | enterprise_linux_server | 3.0 |
| debian | debian_linux | 3.0 |
| redhat | enterprise_linux_workstation | 3.0 |
| mit | kerberos_5 | 0 |
Exploit Intelligence
- VU#795632 (circl)
- CLA-2004:860 (circl)
- oval:org.mitre.oval:def:10709 (circl)
- RHSA-2004:350 (circl)
- oval:org.mitre.oval:def:4936 (circl)
- 2004-0045 (circl)
- DSA-543 (circl)
- TA04-247A (circl)
- GLSA-200409-09 (circl)
- 20040913 [OpenPKG-SA-2004.039] OpenPKG Security Advisory (kerberos) (circl)
Timeline
- Sep 10, 2004 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Aug 18, 2023 EPSS Score
References
- http://www.trustix.net/errata/2004/0045 (url)
- VU#795632 (third-party-advisory)
- CLA-2004:860 (vendor-advisory)
- oval:org.mitre.oval:def:10709 (vdb)
- RHSA-2004:350 (vendor-advisory)
- oval:org.mitre.oval:def:4936 (vdb)
- 2004-0045 (vendor-advisory)
- DSA-543 (vendor-advisory)
- TA04-247A (third-party-advisory)
- GLSA-200409-09 (vendor-advisory)
- 20040913 [OpenPKG-SA-2004.039] OpenPKG Security Advisory (kerberos) (mailing-list)
- http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-002-dblfree.txt (url)
- 11078 (vdb)
- kerberos-kdc-double-free(17157) (vdb)
- https://nvd.nist.gov/vuln/detail/CVE-2004-0642 (advisory)