CVE-2009-0845

Priority
Description
The spnego_gss_accept_sec_context function in
lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through
1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of
service (NULL pointer dereference and daemon crash) via invalid
ContextFlags data in the reqFlags field in a negTokenInit token.
Assigned-to
kees
Notes
Package
Source: krb5 (LP Ubuntu Debian)
Upstream:needs-triage
More Information

Updated: 2020-09-10 01:11:01 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)