CVE-2009-4212
krb5 - denial of service
EPSS 16.5%
Description
Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.
How to fix CVE-2009-4212
To remediate CVE-2009-4212, upgrade the affected package to a fixed version below.
- Debian/krb5—upgrade to 1.8+dfsg~alpha1-1 or later
- Debian/krb5—upgrade to 1.4.4-7etch8 or later
Is CVE-2009-4212 being exploited?
Moderate — EPSS is 16.5%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 1.8+dfsg~alpha1-1
- from 0, < 1.4.4-7etch8