Vulnerability details: VCID-6cwt-rjex-aaas
Vulnerability ID VCID-6cwt-rjex-aaas
Aliases CVE-2011-0284
Summary Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an e_data field containing typed data.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
cvssv3.1 7.5 http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
generic_textual HIGH http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
rhas Important https://access.redhat.com/errata/RHSA-2011:0356
epss 0.24188 https://api.first.org/data/v1/epss?cve=CVE-2011-0284
epss 0.3203 https://api.first.org/data/v1/epss?cve=CVE-2011-0284
epss 0.35559 https://api.first.org/data/v1/epss?cve=CVE-2011-0284
epss 0.45577 https://api.first.org/data/v1/epss?cve=CVE-2011-0284
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=674325
cvssv2 7.6 https://nvd.nist.gov/vuln/detail/CVE-2011-0284
Reference id Reference type URL
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056413.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056573.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056579.html
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://osvdb.org/71183
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0284.json
https://api.first.org/data/v1/epss?cve=CVE-2011-0284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0284
http://secunia.com/advisories/43700
http://secunia.com/advisories/43760
http://secunia.com/advisories/43783
http://secunia.com/advisories/43881
http://securitytracker.com/id?1025216
https://exchange.xforce.ibmcloud.com/vulnerabilities/66101
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-003.txt
http://www.kb.cert.org/vuls/id/943220
http://www.mandriva.com/security/advisories?name=MDVSA-2011:048
http://www.redhat.com/support/errata/RHSA-2011-0356.html
http://www.securityfocus.com/archive/1/517029/100/0/threaded
http://www.securityfocus.com/bid/46881
http://www.ubuntu.com/usn/USN-1088-1
http://www.vupen.com/english/advisories/2011/0672
http://www.vupen.com/english/advisories/2011/0673
http://www.vupen.com/english/advisories/2011/0680
http://www.vupen.com/english/advisories/2011/0722
http://www.vupen.com/english/advisories/2011/0763
618517 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618517
674325 https://bugzilla.redhat.com/show_bug.cgi?id=674325
cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.9:*:*:*:*:*:*:*
CVE-2011-0284 https://nvd.nist.gov/vuln/detail/CVE-2011-0284
GLSA-201201-13 https://security.gentoo.org/glsa/201201-13
RHSA-2011:0356 https://access.redhat.com/errata/RHSA-2011:0356
USN-1088-1 https://usn.ubuntu.com/1088-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2011-0284
Exploit Prediction Scoring System (EPSS)
Percentile 0.95611
EPSS Score 0.24188
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.