CVE-2004-0642

EPSS 25.8%
Published 28.09.2004 04:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.

Affected products Warnungen 0 Metrics 2 CWE 1 References 16

Data is provided by the National Vulnerability Database (NVD)

Mit ≫ Kerberos 5 Version <= 1.3.4

Debian ≫ Debian Linux Version3.0

Redhat ≫ Enterprise Linux Desktop Version3.0

Redhat ≫ Enterprise Linux Server Version3.0

Redhat ≫ Enterprise Linux Workstation Version3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	25.8%	0.96

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-415 Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000860

Broken Link

http://marc.info/?l=bugtraq&m=109508872524753&w=2

Third Party Advisory

Issue Tracking

http://rhn.redhat.com/errata/RHSA-2004-350.html

Third Party Advisory

http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-002-dblfree.txt

Patch

Vendor Advisory

http://www.debian.org/security/2004/dsa-543

Third Party Advisory

Mailing List

http://www.gentoo.org/security/en/glsa/glsa-200409-09.xml

Third Party Advisory

Mailing List

http://www.kb.cert.org/vuls/id/795632

Third Party Advisory

US Government Resource

http://www.securityfocus.com/bid/11078

Third Party Advisory

Broken Link

VDB Entry

http://www.trustix.net/errata/2004/0045/

Broken Link

http://www.us-cert.gov/cas/techalerts/TA04-247A.html

Third Party Advisory

US Government Resource

Broken Link

https://exchange.xforce.ibmcloud.com/vulnerabilities/17157

Third Party Advisory

VDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10709

Third Party Advisory

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4936

Third Party Advisory

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2004-0642

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-0642

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-0642

EUVD