Search for vulnerabilities
Vulnerability details: VCID-p9ds-68cs-aaaq
Vulnerability ID VCID-p9ds-68cs-aaaq
Aliases CVE-2009-3295
Summary The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a ticket request.
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.00588 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.01133 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.01133 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.01133 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.01133 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.01133 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.01133 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.01133 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.01133 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.01133 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.01133 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.01133 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.01133 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.01133 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.01133 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.01133 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.01133 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.01133 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.01133 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.01133 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.01133 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.01133 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.03119 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.76625 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.76625 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.76625 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.76625 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.89487 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.89487 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.89487 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.89487 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.89487 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.89487 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.89487 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.89487 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.89487 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
epss 0.89487 https://api.first.org/data/v1/epss?cve=CVE-2009-3295
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=545002
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2009-3295
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3295.json
https://api.first.org/data/v1/epss?cve=CVE-2009-3295
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3295
http://secunia.com/advisories/37977
http://securitytracker.com/id?1023392
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-003.txt
http://www.securityfocus.com/archive/1/508622/100/0/threaded
http://www.securityfocus.com/bid/37486
http://www.vupen.com/english/advisories/2009/3652
545002 https://bugzilla.redhat.com/show_bug.cgi?id=545002
cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*
CVE-2009-3295 https://nvd.nist.gov/vuln/detail/CVE-2009-3295
GLSA-201201-13 https://security.gentoo.org/glsa/201201-13
USN-879-1 https://usn.ubuntu.com/879-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2009-3295
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.67877
EPSS Score 0.00588
Published At April 22, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.