CVE-2005-1174
krb5 - buffer overflow, double-free memory
EPSS 40.9%
Description
MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory.
How to fix CVE-2005-1174
To remediate CVE-2005-1174, upgrade the affected package to one of the fixed versions listed below.
- Debian/krb5: upgrade to 1.3.6-4 or later
- Debian/krb5: upgrade to 1.2.4-5woody10 or later
Is CVE-2005-1174 being exploited?
Moderate — EPSS is 40.9%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 1.3.6-4
- from 0, < 1.2.4-5woody10