Lucene search

K
cvelistMitreCVELIST:CVE-2011-0285
HistoryApr 15, 2011 - 12:00 a.m.

CVE-2011-0285

2011-04-1500:00:00
mitre
www.cve.org

6 Medium

AI Score

Confidence

High

0.246 Low

EPSS

Percentile

96.7%

The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.

6 Medium

AI Score

Confidence

High

0.246 Low

EPSS

Percentile

96.7%