MIT : Security Vulnerabilities, CVEs, Published In 2006 (Denial of service)
The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers.
Max CVSS
5.0
EPSS Score
7.74%
Published
2006-12-31
Updated
2021-02-02
The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
Max CVSS
9.3
EPSS Score
60.94%
Published
2006-12-31
Updated
2024-02-09
2 vulnerabilities found