Vulnerability details: VCID-bcf9-ur86-aaap
Vulnerability ID VCID-bcf9-ur86-aaap
Aliases CVE-2004-0643
Summary Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
System Score Found at
rhas Critical https://access.redhat.com/errata/RHSA-2004:350
rhas Critical https://access.redhat.com/errata/RHSA-2004:448
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2004-0643
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2004-0643
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2004-0643
rhbs urgent https://bugzilla.redhat.com/show_bug.cgi?id=1617247
cvssv2 4.6 https://nvd.nist.gov/vuln/detail/CVE-2004-0643
Reference id Reference type URL
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000860
http://marc.info/?l=bugtraq&m=109508872524753&w=2
http://rhn.redhat.com/errata/RHSA-2004-350.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0643.json
https://api.first.org/data/v1/epss?cve=CVE-2004-0643
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0643
https://exchange.xforce.ibmcloud.com/vulnerabilities/17159
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10267
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3322
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-002-dblfree.txt
http://www.debian.org/security/2004/dsa-543
http://www.gentoo.org/security/en/glsa/glsa-200409-09.xml
http://www.kb.cert.org/vuls/id/866472
http://www.securityfocus.com/bid/11078
http://www.trustix.net/errata/2004/0045/
http://www.us-cert.gov/cas/techalerts/TA04-247A.html
1617247 https://bugzilla.redhat.com/show_bug.cgi?id=1617247
cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:*
CVE-2004-0643 https://nvd.nist.gov/vuln/detail/CVE-2004-0643
RHSA-2004:350 https://access.redhat.com/errata/RHSA-2004:350
RHSA-2004:448 https://access.redhat.com/errata/RHSA-2004:448
No exploits are available.
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2004-0643
Access Vector (AV): local
Access Complexity (AC): low
Authentication (Au): none
Confidentiality Impact (C): partial
Integrity Impact (I): partial
Availability Impact (A): partial


Exploit Prediction Scoring System (EPSS)
Percentile 0.18094
EPSS Score 0.00046
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.