Vulnerability details: VCID-5cfs-6fqz-aaab
Vulnerability ID VCID-5cfs-6fqz-aaab
Aliases CVE-2010-1322
Summary The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service (daemon crash), or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS request that triggers an uninitialized pointer dereference, as demonstrated by a request from a Windows Active Directory client.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
System Score Found at
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
rhas Important https://access.redhat.com/errata/RHSA-2010:0863
epss 0.01835 https://api.first.org/data/v1/epss?cve=CVE-2010-1322
epss 0.04978 https://api.first.org/data/v1/epss?cve=CVE-2010-1322
epss 0.81304 https://api.first.org/data/v1/epss?cve=CVE-2010-1322
epss 0.82532 https://api.first.org/data/v1/epss?cve=CVE-2010-1322
epss 0.88269 https://api.first.org/data/v1/epss?cve=CVE-2010-1322
epss 0.88700 https://api.first.org/data/v1/epss?cve=CVE-2010-1322
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=636335
cvssv2 6.5 https://nvd.nist.gov/vuln/detail/CVE-2010-1322
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1322.json
https://api.first.org/data/v1/epss?cve=CVE-2010-1322
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1322
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-006.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2010:202
http://www.redhat.com/support/errata/RHSA-2010-0863.html
http://www.securityfocus.com/archive/1/514144/100/0/threaded
http://www.securityfocus.com/bid/43756
http://www.ubuntu.com/usn/USN-999-1
http://www.vupen.com/english/advisories/2010/2865
599237 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599237
636335 https://bugzilla.redhat.com/show_bug.cgi?id=636335
cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*
CVE-2010-1322 https://nvd.nist.gov/vuln/detail/CVE-2010-1322
GLSA-201201-13 https://security.gentoo.org/glsa/201201-13
RHSA-2010:0863 https://access.redhat.com/errata/RHSA-2010:0863
USN-999-1 https://usn.ubuntu.com/999-1/
No exploits are available.
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2010-1322
Access Vector (AV) network
Access Complexity (AC) low
Authentication (Au) single
Confidentiality Impact (C) partial
Integrity Impact (I) partial
Availability Impact (A) partial
Exploit Prediction Scoring System (EPSS)
Percentile 0.81333
EPSS Score 0.01835
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.