4.3

CVE-2009-0847

EPSS 23.4%
Published 09.04.2009 00:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic.

Affected products Warnungen 0 Metrics 2 CWE 0 References 41

Data is provided by the National Vulnerability Database (NVD)

Mit ≫ Kerberos Version5-1.6.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	23.4%	0.954

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

http://secunia.com/advisories/35074

http://support.apple.com/kb/HT3549

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

US Government Resource

http://www.vupen.com/english/advisories/2009/1297

http://secunia.com/advisories/34594

http://secunia.com/advisories/34617

http://secunia.com/advisories/34622

http://secunia.com/advisories/34628

http://secunia.com/advisories/34637

http://secunia.com/advisories/34640

http://secunia.com/advisories/34734

http://security.gentoo.org/glsa/glsa-200904-09.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1

http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm

http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html

http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-001.txt

Vendor Advisory

http://wiki.rpath.com/Advisories:rPSA-2009-0058

http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058

http://www-01.ibm.com/support/docview.wss?uid=swg21396120

http://www.kb.cert.org/vuls/id/662091

http://www.securityfocus.com/archive/1/502526/100/0/threaded

http://www.securityfocus.com/archive/1/502546/100/0/threaded

http://www.ubuntu.com/usn/usn-755-1

http://www.vupen.com/english/advisories/2009/0976

http://www.vupen.com/english/advisories/2009/1057

http://www.vupen.com/english/advisories/2009/1106

http://www.vupen.com/english/advisories/2009/2248

https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html

https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html

http://www.mandriva.com/security/advisories?name=MDVSA-2009:098

http://www.securityfocus.com/bid/34408

http://www.vupen.com/english/advisories/2009/0960

http://marc.info/?l=bugtraq&m=124896429301168&w=2

http://www.vupen.com/english/advisories/2009/2084

http://www.securitytracker.com/id?1021993

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6387

https://nvd.nist.gov/vuln/detail/CVE-2009-0847

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-0847

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-0847

EUVD