Unrated severityNVD Advisory· Published Apr 9, 2009· Updated Apr 23, 2026

CVE-2009-0846

Description

The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.

Affected products

Mit/Kerberos 5
cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
Range: <1.6.4
Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <10.5.7
Canonical (company)/Ubuntu Linux4 versions
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
Fedoraproject/Fedora2 versions
cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
Red Hat/Enterprise Linux
cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Desktop2 versions
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Eus
cpe:2.3:o:redhat:enterprise_linux_eus:4.7:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server3 versions
cpe:2.3:o:redhat:enterprise_linux_server:2.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:redhat:enterprise_linux_server:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Workstation3 versions
cpe:2.3:o:redhat:enterprise_linux_workstation:2.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:redhat:enterprise_linux_workstation:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txtnvdPatchVendor Advisory
marc.infonvdThird Party Advisory
marc.infonvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2009-0409.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2009-0410.htmlnvdThird Party Advisory
security.gentoo.org/glsa/glsa-200904-09.xmlnvdThird Party Advisory
support.apple.com/kb/HT3549nvdThird Party Advisory
support.avaya.com/elmodocs2/security/ASA-2009-142.htmnvdThird Party Advisory
www.kb.cert.org/vuls/id/662091nvdBroken LinkThird Party AdvisoryUS Government Resource
www.securityfocus.com/archive/1/502527/100/0/threadednvdBroken LinkThird Party AdvisoryVDB Entry
www.securityfocus.com/archive/1/502546/100/0/threadednvdBroken LinkThird Party AdvisoryVDB Entry
www.securityfocus.com/archive/1/504683/100/0/threadednvdBroken LinkThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/34409nvdBroken LinkThird Party AdvisoryVDB Entry
www.securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/usn-755-1nvdThird Party Advisory
www.us-cert.gov/cas/techalerts/TA09-133A.htmlnvdThird Party AdvisoryUS Government Resource
www.vmware.com/security/advisories/VMSA-2009-0008.htmlnvdThird Party Advisory
lists.apple.com/archives/security-announce/2009/May/msg00002.htmlnvdMailing List
lists.vmware.com/pipermail/security-announce/2009/000059.htmlnvdBroken Link
secunia.com/advisories/34594nvdBroken Link
secunia.com/advisories/34598nvdBroken Link
secunia.com/advisories/34617nvdBroken Link
secunia.com/advisories/34622nvdBroken Link
secunia.com/advisories/34628nvdBroken Link
secunia.com/advisories/34630nvdBroken Link
secunia.com/advisories/34637nvdBroken Link
secunia.com/advisories/34640nvdBroken Link
secunia.com/advisories/34734nvdBroken Link
secunia.com/advisories/35074nvdBroken Link
secunia.com/advisories/35667nvdBroken Link
sunsolve.sun.com/search/document.donvdBroken Link
support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.htmlnvdBroken Link
support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.htmlnvdBroken Link
wiki.rpath.com/Advisories:rPSA-2009-0058nvdBroken Link
wiki.rpath.com/wiki/Advisories:rPSA-2009-0058nvdBroken Link
www-01.ibm.com/support/docview.wssnvdBroken Link
www.mandriva.com/security/advisoriesnvdBroken Link
www.redhat.com/support/errata/RHSA-2009-0408.htmlnvdBroken Link
www.vupen.com/english/advisories/2009/0960nvdBroken Link
www.vupen.com/english/advisories/2009/0976nvdBroken Link
www.vupen.com/english/advisories/2009/1057nvdBroken Link
www.vupen.com/english/advisories/2009/1106nvdBroken Link
www.vupen.com/english/advisories/2009/1297nvdBroken Link
www.vupen.com/english/advisories/2009/2084nvdBroken Link
www.vupen.com/english/advisories/2009/2248nvdBroken Link
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10694nvdBroken Link
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5483nvdBroken Link
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6301nvdBroken Link
www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.htmlnvdMailing List
www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.htmlnvdMailing List

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.040
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000