Total vulnerabilities in the database
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.
| Software | From | Fixed in |
|---|---|---|
| mit / kerberos_5 | - | 1.6.4 |
| fedoraproject / fedora | 10 | 10.x |
| fedoraproject / fedora | 9 | 9.x |
| canonical / ubuntu_linux | 7.10 | 7.10.x |
| canonical / ubuntu_linux | 8.10 | 8.10.x |
| canonical / ubuntu_linux | 8.04 | 8.04.x |
| canonical / ubuntu_linux | 6.06 | 6.06.x |
| apple / mac_os_x | - | 10.5.7 |
| redhat / enterprise_linux | 4.0 | 4.0.x |
| redhat / enterprise_linux_desktop | 3.0 | 3.0.x |
| redhat / enterprise_linux_desktop | 4.0 | 4.0.x |
| redhat / enterprise_linux_eus | 4.7 | 4.7.x |
| redhat / enterprise_linux_server | 4.0 | 4.0.x |
| redhat / enterprise_linux_workstation | 4.0 | 4.0.x |
| redhat / enterprise_linux_workstation | 3.0 | 3.0.x |
| redhat / enterprise_linux_server | 3.0 | 3.0.x |
| redhat / enterprise_linux_server | 2.0 | 2.0.x |
| redhat / enterprise_linux_workstation | 2.0 | 2.0.x |