CVE-2009-3295

Advisory lineage Upstream: 0 Downstream: 2
Modified
Published: 29 Dec 2009, 16:00
Last modified:07 Aug 2024, 06:22

Vulnerability Summary

Overall Risk (default)
low
21/100
CVSS Score
5 MEDIUM
v2.0 (nvd)
EPSS Score
2.74% LOW
3% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

29 Dec 2009, 16:00
Published
Vulnerability first disclosed
07 Aug 2024, 06:22
Last Modified
Vulnerability information updated

Description

The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a ticket request.

CVSS Metrics

  • v2.0MEDIUMScore: 5AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 2.74% Percentile: 86%

Affected Systems

  • mitkerberos_5

    1.7

References (6)