CVE-2009-0845

Priority
Description
The spnego_gss_accept_sec_context function in
lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through
1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of
service (NULL pointer dereference and daemon crash) via invalid
ContextFlags data in the reqFlags field in a negTokenInit token.
Assigned-to
kees
Package
Source: krb5 (LP Ubuntu Debian)
Upstream:needs-triage
More Information

Updated: 2019-03-19 11:49:16 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)