Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code.
2007-12-06T02:46:00.000
2025-04-09T00:30:58.490
Deferred
CVSSv2: 6.9 (MEDIUM)
AV:L/AC:M/Au:N/C:C/I:C/A:C
3.4
10.0
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Operating System | apple | mac_os_x | 10.4.11 | No |
Operating System | apple | mac_os_x | 10.5.2 | No |
Operating System | apple | mac_os_x_server | 10.4.11 | No |
Operating System | apple | mac_os_x_server | 10.5.2 | No |
Application | mit | kerberos_5 | ≤ 1.6.3_kdc | Yes |