Vulnerability Details : CVE-2004-0772
Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.
Vulnerability category: Memory CorruptionExecute code
Products affected by CVE-2004-0772
- cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
- cpe:2.3:a:openpkg:openpkg:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:openpkg:openpkg:2.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-0772
19.35%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-0772
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | 2024-02-02 |
CWE ids for CVE-2004-0772
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
-
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.Assigned by: nvd@nist.gov (Primary)
References for CVE-2004-0772
-
http://www.kb.cert.org/vuls/id/350792
VU#350792 - MIT Kerberos krb524d insecurely deallocates memory (double-free)Third Party Advisory;US Government Resource
-
http://www.debian.org/security/2004/dsa-543
[SECURITY] [DSA 543-1] New krb5 packages fix several vulnerabilitiesMailing List
-
http://www.trustix.net/errata/2004/0045/
Broken Link
-
http://www.gentoo.org/security/en/glsa/glsa-200409-09.xml
MIT krb5: Multiple vulnerabilities (GLSA 200409-09) — Gentoo securityThird Party Advisory
-
http://marc.info/?l=bugtraq&m=109508872524753&w=2
'[OpenPKG-SA-2004.039] OpenPKG Security Advisory (kerberos)' - MARCMailing List
-
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000860
CONECTIVA | Análises dos Melhores Produtos Online (#10 Melhores)Broken Link
-
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-002-dblfree.txt
Patch;Vendor Advisory
-
http://www.us-cert.gov/cas/techalerts/TA04-247A.html
Page Not Found | CISABroken Link;Patch;Third Party Advisory;US Government Resource
-
http://www.securityfocus.com/bid/11078
Broken Link;Third Party Advisory;VDB Entry
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4661
404 Not FoundBroken Link
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/17158
Kerberos krb524d double-free code execution CVE-2004-0772 Vulnerability ReportThird Party Advisory;VDB Entry
-
http://www.mandriva.com/security/advisories?name=MDKSA-2004:088
Advisories - Mandriva LinuxThird Party Advisory
Jump to