CVE-2009-0845

Name: CVE-2009-0845
Creator: NVD / NIST
Published: 2009-03-27T16:30:02.157+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 5.63%

Last modified Jun 16, 2026

CVE-2009-0845 is a vulnerability of currently unknown severity. The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.. EPSS estimates a 5.63% chance of exploitation in the next 30 days.

Description

The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.

Metrics

EPSS Probability

5.63%

92.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

Affected Software

Vendor	Product	Versions
Mit	Kerberos	5-1.6.3
Mit	Kerberos 5	1.5
Mit	Kerberos 5	1.5.1
Mit	Kerberos 5	1.5.2
Mit	Kerberos 5	1.5.3
Mit	Kerberos 5	1.6
Mit	Kerberos 5	1.6.1
Mit	Kerberos 5	1.6.2

References

Timeline

Published: Mar 27, 2009
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2009-0845?

How severe is CVE-2009-0845?

Severity scoring for CVE-2009-0845 is pending analysis. The EPSS model estimates a 5.63% probability of exploitation in the next 30 days.

How do I fix CVE-2009-0845?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-0845?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST