CVE-2009-0846

Name: CVE-2009-0846
Creator: NVD / NIST
Published: 2009-04-09T00:30:00.267+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 8.90%

Last modified Jun 16, 2026

CVE-2009-0846 is a vulnerability of currently unknown severity. The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.. EPSS estimates a 8.90% chance of exploitation in the next 30 days.

Description

The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.

Metrics

EPSS Probability

8.90%

94.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-824

Affected Software

Vendor	Product	Versions
Mit	Kerberos 5	< 1.6.4
Fedoraproject	Fedora	9
Fedoraproject	Fedora	10
Canonical	Ubuntu Linux	6.06
Canonical	Ubuntu Linux	7.10
Canonical	Ubuntu Linux	8.04
Canonical	Ubuntu Linux	8.10
Apple	Mac Os X	< 10.5.7
Redhat	Enterprise Linux	4.0
Redhat	Enterprise Linux Desktop	3.0
Redhat	Enterprise Linux Desktop	4.0
Redhat	Enterprise Linux Eus	4.7
Redhat	Enterprise Linux Server	2.0
Redhat	Enterprise Linux Server	3.0
Redhat	Enterprise Linux Server	4.0
Redhat	Enterprise Linux Workstation	2.0
Redhat	Enterprise Linux Workstation	3.0
Redhat	Enterprise Linux Workstation	4.0

References

http://lists.apple.com/archives/security-announce/2009/May/msg00002.htmlMailing List
http://lists.vmware.com/pipermail/security-announce/2009/000059.htmlBroken Link
http://marc.info/?l=bugtraq&m=124896429301168&w=2Third Party Advisory
http://marc.info/?l=bugtraq&m=130497213107107&w=2Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2009-0409.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2009-0410.htmlThird Party Advisory
http://secunia.com/advisories/34594Broken Link
http://secunia.com/advisories/34598Broken Link
http://secunia.com/advisories/34617Broken Link
http://secunia.com/advisories/34622Broken Link
http://secunia.com/advisories/34628Broken Link
http://secunia.com/advisories/34630Broken Link
http://secunia.com/advisories/34637Broken Link
http://secunia.com/advisories/34640Broken Link
http://secunia.com/advisories/34734Broken Link
http://secunia.com/advisories/35074Broken Link
http://secunia.com/advisories/35667Broken Link
http://security.gentoo.org/glsa/glsa-200904-09.xmlThird Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1Broken Link
http://support.apple.com/kb/HT3549Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-142.htmThird Party Advisory
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.htmlBroken Link
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.htmlBroken Link
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txtPatch, Vendor Advisory
http://wiki.rpath.com/Advisories:rPSA-2009-0058Broken Link
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21396120Broken Link
http://www.kb.cert.org/vuls/id/662091Broken Link, Third Party Advisory, US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2009:098Broken Link
http://www.redhat.com/support/errata/RHSA-2009-0408.htmlBroken Link
http://www.securityfocus.com/archive/1/502527/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/archive/1/502546/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/archive/1/504683/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/34409Broken Link, Third Party Advisory, VDB Entry
http://www.securitytracker.com/id?1021994Broken Link, Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/usn-755-1Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA09-133A.htmlThird Party Advisory, US Government Resource
http://www.vmware.com/security/advisories/VMSA-2009-0008.htmlThird Party Advisory
http://www.vupen.com/english/advisories/2009/0960Broken Link
http://www.vupen.com/english/advisories/2009/0976Broken Link
http://www.vupen.com/english/advisories/2009/1057Broken Link
http://www.vupen.com/english/advisories/2009/1106Broken Link
http://www.vupen.com/english/advisories/2009/1297Broken Link
http://www.vupen.com/english/advisories/2009/2084Broken Link
http://www.vupen.com/english/advisories/2009/2248Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10694Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5483Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6301Broken Link
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.htmlMailing List
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.htmlMailing List
http://lists.apple.com/archives/security-announce/2009/May/msg00002.htmlMailing List
http://lists.vmware.com/pipermail/security-announce/2009/000059.htmlBroken Link
http://marc.info/?l=bugtraq&m=124896429301168&w=2Third Party Advisory
http://marc.info/?l=bugtraq&m=130497213107107&w=2Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2009-0409.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2009-0410.htmlThird Party Advisory
http://secunia.com/advisories/34594Broken Link
http://secunia.com/advisories/34598Broken Link
http://secunia.com/advisories/34617Broken Link
http://secunia.com/advisories/34622Broken Link
http://secunia.com/advisories/34628Broken Link
http://secunia.com/advisories/34630Broken Link
http://secunia.com/advisories/34637Broken Link
http://secunia.com/advisories/34640Broken Link
http://secunia.com/advisories/34734Broken Link
http://secunia.com/advisories/35074Broken Link
http://secunia.com/advisories/35667Broken Link
http://security.gentoo.org/glsa/glsa-200904-09.xmlThird Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1Broken Link
http://support.apple.com/kb/HT3549Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-142.htmThird Party Advisory
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.htmlBroken Link
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.htmlBroken Link
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txtPatch, Vendor Advisory
http://wiki.rpath.com/Advisories:rPSA-2009-0058Broken Link
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21396120Broken Link
http://www.kb.cert.org/vuls/id/662091Broken Link, Third Party Advisory, US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2009:098Broken Link
http://www.redhat.com/support/errata/RHSA-2009-0408.htmlBroken Link
http://www.securityfocus.com/archive/1/502527/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/archive/1/502546/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/archive/1/504683/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/34409Broken Link, Third Party Advisory, VDB Entry
http://www.securitytracker.com/id?1021994Broken Link, Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/usn-755-1Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA09-133A.htmlThird Party Advisory, US Government Resource
http://www.vmware.com/security/advisories/VMSA-2009-0008.htmlThird Party Advisory
http://www.vupen.com/english/advisories/2009/0960Broken Link
http://www.vupen.com/english/advisories/2009/0976Broken Link
http://www.vupen.com/english/advisories/2009/1057Broken Link
http://www.vupen.com/english/advisories/2009/1106Broken Link
http://www.vupen.com/english/advisories/2009/1297Broken Link
http://www.vupen.com/english/advisories/2009/2084Broken Link
http://www.vupen.com/english/advisories/2009/2248Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10694Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5483Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6301Broken Link
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.htmlMailing List
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.htmlMailing List

Timeline

Published: Apr 9, 2009
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2009-0846?

How severe is CVE-2009-0846?

Severity scoring for CVE-2009-0846 is pending analysis. The EPSS model estimates a 8.90% probability of exploitation in the next 30 days.

How do I fix CVE-2009-0846?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-0846?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST