← back
CVE-2009-0847

CVE-2009-0847

EPSS 2.8%
The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lists.apple.com/archives/security-announce/2009/May/msg00002.htmlhttp://marc.info/?l=bugtraq&m=124896429301168&w=2http://secunia.com/advisories/34594http://secunia.com/advisories/34617http://secunia.com/advisories/34622http://secunia.com/advisories/34628http://secunia.com/advisories/34637http://secunia.com/advisories/34640http://secunia.com/advisories/34734http://secunia.com/advisories/35074http://security.gentoo.org/glsa/glsa-200904-09.xmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6387