CyberSafe Information for VU#866472

MIT Kerberos 5 ASN.1 decoding function krb5_rd_cred() insecurely deallocates memory (double-free)


Not Affected

Vendor Statement

The CyberSafe products listed below are not vulnerable.

  • CyberSafe Challenger 5.2.8 (this is the same code used within CISCO IOS)
  • TrustBroker 2.0, 2.1
  • ActiveTRUST 3.0, 4.0
  • TrustBroker Application Security SDK & Runtime Library 3.1.0
  • TrustBroker Secure Client 4.1.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References


The CERT/CC has no additional comments at this time.
