VDB
GCVE-110-CERTCC-2004-866472
GCVE-110-CERTCC-2004-866472
Advisory Published
The krb5_rd_cred() function in the MIT Kerberos 5 library does not securely deallocate heap memory when decoding ASN.1 structures, resulting in a double-free vulnerability. A remote, authenticated attacker could execute arbitrary code or cause a denial of service on any system running an application that calls krb5_rd_cred(). This includes Kerberos application servers and other applications that process Kerberos authentication via the MIT Kerberos 5 library, GSSAPI, and other libraries.
Risk Scores
certcc-cam
certcc-cam
impact20population18exploitation0widely_known15score_current10.962ease_of_exploitation7
Aliases
References
MIT Kerberos 5 ASN.1 decoding function krb5_rd_cred() insecurely deallocates memory (double-free)
url
MIT Kerberos 5 ASN.1 decoding function krb5_rd_cred() insecurely deallocates memory (double-free)
url
MIT Kerberos 5 ASN.1 decoding function krb5_rd_cred() insecurely deallocates memory (double-free)
url
MIT Kerberos 5 ASN.1 decoding function krb5_rd_cred() insecurely deallocates memory (double-free)
url
MIT Kerberos 5 ASN.1 decoding function krb5_rd_cred() insecurely deallocates memory (double-free)
url
MIT Kerberos 5 ASN.1 decoding function krb5_rd_cred() insecurely deallocates memory (double-free)
url
MIT Kerberos 5 ASN.1 decoding function krb5_rd_cred() insecurely deallocates memory (double-free)
url
MIT Kerberos 5 ASN.1 decoding function krb5_rd_cred() insecurely deallocates memory (double-free)
url
Browse GCVE Records
72,921 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.