CVE-2004-0642

Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.

Weakness

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Affected Software

Name	Vendor	Start Version	End Version
Kerberos_5	Mit	*	1.3.4 (including)

Potential Mitigations

References

http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000860
http://marc.info/?l=bugtraq\u0026m=109508872524753\u0026w=2
http://rhn.redhat.com/errata/RHSA-2004-350.html
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-002-dblfree.txt
http://www.debian.org/security/2004/dsa-543
http://www.gentoo.org/security/en/glsa/glsa-200409-09.xml
http://www.kb.cert.org/vuls/id/795632
http://www.securityfocus.com/bid/11078
http://www.trustix.net/errata/2004/0045/
http://www.us-cert.gov/cas/techalerts/TA04-247A.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/17157
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10709
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4936

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-0642
CWE	https://cwe.mitre.org/data/definitions/415.html

Double Free

Weakness

Affected Software

Potential Mitigations

References