Search for vulnerabilities
Vulnerability details: VCID-pdyn-cq3s-aaag
Vulnerability ID VCID-pdyn-cq3s-aaag
Aliases CVE-2007-5901
Summary Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-399 Resource Management Errors
CWE-416 Use After Free
System Score Found at
rhas Critical https://access.redhat.com/errata/RHSA-2008:0164
epss 0.00075 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2007-5901
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=415321
cvssv2 6.9 https://nvd.nist.gov/vuln/detail/CVE-2007-5901
Reference id Reference type URL
http://bugs.gentoo.org/show_bug.cgi?id=199214
http://docs.info.apple.com/article.html?artnum=307562
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://osvdb.org/43346
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5901.json
https://api.first.org/data/v1/epss?cve=CVE-2007-5901
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5901
http://seclists.org/fulldisclosure/2007/Dec/0176.html
http://seclists.org/fulldisclosure/2007/Dec/0321.html
http://secunia.com/advisories/29451
http://secunia.com/advisories/29464
http://secunia.com/advisories/29516
http://secunia.com/advisories/39290
http://security.gentoo.org/glsa/glsa-200803-31.xml
https://issues.rpath.com/browse/RPL-2012
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11451
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html
http://ubuntu.com/usn/usn-924-1
http://www.mandriva.com/security/advisories?name=MDVSA-2008:069
http://www.redhat.com/support/errata/RHSA-2008-0164.html
http://www.securityfocus.com/bid/26750
http://www.vupen.com/english/advisories/2008/0924/references
415321 https://bugzilla.redhat.com/show_bug.cgi?id=415321
454974 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454974
CVE-2007-5901 https://nvd.nist.gov/vuln/detail/CVE-2007-5901
GLSA-200803-31 https://security.gentoo.org/glsa/200803-31
RHSA-2008:0164 https://access.redhat.com/errata/RHSA-2008:0164
USN-924-1 https://usn.ubuntu.com/924-1/
No exploits are available.
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2007-5901
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.12743
EPSS Score 0.00075
Published At March 29, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.